HPE OneView Vulnerability Allows Remote Code Execution Attacks

A severe security vulnerability has been discovered in Hewlett Packard Enterprise OneView software, threatening enterprise infrastructure across data centers and hybrid cloud environments.

The flaw, tracked as CVE-2025-37164, carries a maximum CVSS 3.1 severity score of 10.0, indicating critical risk requiring immediate remediation.

The vulnerability permits unauthenticated remote attackers to execute arbitrary code on affected systems without requiring user interaction or elevated privileges.

This network-based attack vector presents a significant risk to organizations managing enterprise server environments through HPE OneView’s centralized management platform.

Affected Versions and Scope

HPE OneView versions prior to 11.00 remain vulnerable, potentially impacting thousands of enterprises relying on the platform for infrastructure orchestration.

The vulnerability affects all deployment models of the affected versions, from virtual appliances to physical infrastructure environments.

Remote attackers could leverage this vulnerability to gain complete system control, including reading sensitive data, modifying configurations, and disrupting services.

The absence of authentication requirements dramatically increases exploitation risk, as attackers need only network connectivity to affected systems to execute attacks.

HPE released version 11.00 of OneView as the permanent fix. Organizations using older versions can apply temporary security hotfixes available through HPE’s licensing portal.

The security hotfix can be applied to OneView versions 5.20 through 10.20, though users upgrading from version 6.60 or later must reapply the patch after system updates.

HPE Synergy Composer users should download dedicated security hotfixes from the company’s support portal. Users are advised to consult HPE’s patch management policies before deploying updates to production environments.

HPE credited security researcher brocked200 (Nguyen Quoc Khanh) for responsibly reporting this vulnerability.
