- HPE fixes critical RCE flaw (CVE‑2025‑37164) in OneView, severity 10/10
- The exploit could allow attackers to reconfigure servers, deploy malware, or create persistent backdoors.
- Users should upgrade to version 11.0 or apply the emergency patch immediately.
HPE has fixed a maximum severity vulnerability in its OneView platform, which could cause many problems for businesses.
HPE OneView is a centralized infrastructure management platform that allows administrators to deploy, monitor and manage HPE servers, storage and networking through a single software-defined interface. The product is essential in an enterprise environment as it has centralized control over server hardware, firmware, storage and network configurations.
If a cybercriminal succeeds in exploiting the flaw, they could reconfigure servers, deploy malicious firmware, disrupt workloads, or create persistent infrastructure backdoors. This could lead to widespread outages, data theft, and long-term compromises that are difficult to detect. Because OneView operates below the operating system layer, traditional security tools may not detect or stop abuse.
Upgrades and fixes
HPE recently issued a new security advisory and released a patch, but did not detail the vulnerability, only saying that it is a remote code execution (RCE) flaw accessible to unauthenticated users.
The bug is tracked as CVE-2025-37164 and has a severity rating of 10/10 (critical). It affects HPE OneView versions 5.20 through 10.20.
“A potential security vulnerability has been identified in Hewlett Packard Enterprise OneView software,” HPE said in its advisory. “This vulnerability could be exploited, allowing an unauthenticated remote user to execute code remotely.”
The key word here is “could,” which means HPE hasn’t seen any abuse in the wild yet. However, given its severity and disruptive potential, it can be assumed that cybercriminals are already looking for ways to exploit it, particularly ransomware operators who need extensive access to succeed.
If you are using HPE OneView, you should upgrade to version 11.0 or apply the emergency patch without hesitation. The OneView Virtual Appliance and HPE Synergy have separate patches.
Via The Register




