HPE has released security patches for a critical vulnerability (CVE-2025-37164) in its OneView infrastructure management software, which could allow remote code execution by unauthenticated attackers. Organizations using affected versions should urgently apply updates to prevent potential exploitation.
Key points
- The vulnerability impacts all HPE OneView versions released before v11.00.
- Attackers can exploit the flaw through low-complexity code injection attacks.
- HPE recommends upgrading to version 11.00 or later and applying hotfixes for versions 5.20 through 10.20.
- There are currently no known workarounds or mitigations for CVE-2025-37164.
- HPE has patched previous vulnerabilities in its StoreOnce and Aruba Instant On products in recent months.