By Sergiu Gatlan
Publication Date: 2025-12-18 11:35:00
Hewlett Packard Enterprise (HPE) has patched a maximum-severity vulnerability in its HPE OneView software that allows attackers to execute arbitrary code remotely.
OneView is HPE’s infrastructure management software that helps IT administrators streamline operations and automate the management of servers, storage, and network devices from a centralized interface.
This critical security flaw (CVE-2025-37164) was reported by Vietnamese security researcher Nguyen Quoc Khanh (brocked200) to the company’s security team.
It affects all versions of OneView released before v11.00 and can be exploited by unauthenticated threat actors in low-complexity code injection attacks to gain remote code execution on unpatched systems.
“A potential security vulnerability has been identified in Hewlett Packard Enterprise OneView software. This vulnerability could be exploited, allowing an unauthenticated remote user to perform remote code execution,” HPE warned in a Tuesday…
