A critical code injection flaw in Hewlett Packard Enterprise OneView, tracked as CVE-2025-37164, has been added to CISA’s Known Exploited Vulnerabilities (KEV) catalog.
The vulnerability has been confirmed to be actively exploited by threat actors, triggering urgent remediation timelines for federal agencies and critical infrastructure operators.
CVE-2025-37164 represents a severe security flaw in HP Enterprise OneView, a widely deployed infrastructure management platform used across data centers globally.
The vulnerability allows remote, unauthenticated attackers to execute arbitrary code on affected systems.
HP Enterprise OneView Code Injection Vulnerability
This unauthenticated attack surface dramatically increases the risk exposure, as threat actors can compromise systems directly from the network perimeter.
The vulnerability stems from improper input validation in OneView’s code processing functions, classified under CWE-94 (Code Injection).
The weakness enables attackers to craft malicious payloads that bypass security controls and gain unrestricted command execution capabilities on the host system.
CISA has mandated specific remediation steps for all organizations utilizing HP Enterprise OneView:
- Primary Mitigation: Apply all security patches and vendor-issued updates immediately. HP has released patches to address this vulnerability; they must be deployed urgently.
- Compliance Requirement: Federal agencies must follow BOD 22-01 guidance for cloud services and apply equivalent controls to on-premises OneView deployments within the 21-day remediation window.
- Alternative Action: Organizations unable to patch by the deadline should consider discontinuing OneView services or implementing compensating controls, pending the vendor’s remediation availability.
While specific ransomware campaign details remain under investigation, the flaw’s placement in CISA’s KEV catalog confirms that it is being actively exploited.
Organizations should assume exploitation attempts are occurring and prioritize patching accordingly.
| Priority | Timeframe | Recommended Action |
|---|---|---|
| Immediate | 24–48 hours | Audit all OneView instances across the infrastructure |
| Short-term | 1 week | Deploy patches to non-production environments for testing |
| Critical | 21 days | Complete production patching before the January 28 deadline |
Organizations should monitor CISA’s official advisory updates and HP security bulletins for comprehensive remediation guidance and detection indicators.
