The Daily Patch
Back to News
vulnerability🌐InternationalSecurity Affairs

Hewlett Packard Enterprise (HPE) fixed maximum severity OneView flaw

Thursday, December 18, 2025

Hewlett Packard Enterprise (HPE) fixed maximum severity OneView flaw

What

A critical vulnerability in HPE OneView software was discovered, enabling remote code execution by attackers without authentication.

Where

Hewlett Packard Enterprise's OneView software, primarily used in data center management across various organizational environments.

When

The vulnerability was reported on December 18, 2025, and affects all versions through v10.20.

Key Factors

  • CVE-2025-37164 has a CVSS score of 10.0
  • Allows remote code execution by unauthenticated users
  • Impacts all versions of OneView up to v10.20

Takeaways

  • Organizations using HPE OneView should apply the security patches immediately.
  • The incident highlights the importance of timely updates to prevent exploitation of critical vulnerabilities.
  • Regular vulnerability assessments and patch management are essential for maintaining security posture.
Read Full Article

Opens original article on Security Affairs

Similar News

Over 10K Fortinet Firewalls Exposed to Actively Exploited 2FA Bypass

Over 10K Fortinet Firewalls Exposed to Actively Exploited 2FA Bypass

Kimwolf Botnet Exploits Residential Proxies to Infiltrate Home Networks

Kimwolf Botnet Exploits Residential Proxies to Infiltrate Home Networks

RondoDox Botnet Exploits Critical React2Shell Flaw in Next.js Servers

RondoDox Botnet Exploits Critical React2Shell Flaw in Next.js Servers

IBM API Connect Critical Authentication Bypass Disclosed

IBM API Connect Critical Authentication Bypass Disclosed