By Abinaya
Publication Date: 2025-12-23 11:38:00
Security researchers have released a proof-of-concept (PoC) exploit for a critical vulnerability in HPE OneView, a popular IT infrastructure management platform.
The defect, tracked as CVE-2025-37164, has a maximum CVSS score of 10.0, indicating an immediate danger to business environments.
The vulnerability allows remote attackers to execute malicious code on affected systems without requiring a password or any type of authentication.
A valid Metasploit module has already been released, making it easy for threat actors to weaponize this flaw.
| Feature | Details |
|---|---|
| CVE ID | CVE-2025-37164 |
| Severity | Critical (CVSS 10.0) |
| Vendor | Hewlett Packard Enterprise (HPE) |
| Affected product | HPE OneView (versions <11.0) |
| Vulnerability type | Remote Code Execution (RCE) |
| Exploit status | PoC and Metasploit module available |
Technical breakdown
The problem lies in the ID-Pools REST API endpoint of the HPE OneView software.
Specifically, the vulnerability exists in how…

