Vulnerability | International | The Hacker News

HPE OneView Flaw Rated CVSS 10.0 Allows Unauthenticated Remote Code Execution

Thursday, December 18, 2025

What

A critical vulnerability in HPE OneView Software could allow a remote, unauthenticated user to execute code, posing significant security risks.

Where

Hewlett Packard Enterprise's OneView Software is used globally for IT infrastructure management.

When

The vulnerability was reported and patched in the week of the advisory release, with ongoing updates and hotfixes provided since June.

Key Factors

  • CVE-2025-37164 has a CVSS score of 10.0, indicating maximum severity.
  • The vulnerability affects all versions of OneView prior to version 11.00.
  • Hotfixes are available for specific versions, but must be reapplied after certain upgrades.

Takeaways

  • Users must prioritize applying the provided patches to mitigate risks associated with this vulnerability.
  • The incident highlights the importance of timely software updates in maintaining cybersecurity.
  • Organizations should regularly monitor for vulnerabilities in their IT infrastructure management tools.

Reported by 2 Sources
