The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about a critical vulnerability in HPE OneView software that is being actively exploited for remote code execution. HPE recommends upgrading to version 11.00 or later to patch this flaw and prevent attacks. #HPEOneView #CVE202537164
Key points
- The vulnerability CVE-2025-37164 affects all HPE OneView versions before v11.00.
- Unpatched systems are vulnerable to low-complexity code-injection attacks.
- CISA requires federal agencies to patch systems by January 28th under BOD 22-01.
- There are currently no workarounds or mitigations available for this flaw.
- HPE has a history of addressing security issues in its products, including vulnerabilities in Aruba and StoreOnce solutions.