An unauthenticated remote code execution vulnerability (CVE-2025-37164) affecting certain versions of HPE OneView is being leveraged by attackers, CISA confirmed by adding the flaw to its Known Exploited Vulnerabilities catalog.
The vulnerability’s inclusion in the catalog is unsurprising, as technical details and a Metasploit module were made public soon after it was disclosed, making exploitation by less-skilled attackers easier.
About HPE OneView and CVE-2025-37164
HPE OneView is a centralized infrastructure management platform used to deploy, monitor, and manage HPE data center hardware and software from a single interface.
The solution is popular in large-scale and automated data center environments.
“OneView sits at a privileged control plane for enterprise infrastructure, so successful exploitation isn’t just about establishing remote code execution, it’s about gaining centralized control over servers, firmware, and lifecycle management at scale,” Rapid7 researchers explained.
“Management platforms are often deployed deep inside the network with broad privileges and minimal monitoring because they’re ‘supposed’ to be trusted. When an unauthenticated RCE shows up in that layer, defenders need to treat it as an assumed-breach scenario, prioritize patching immediately, and review access paths and segmentation.”
CVE-2025-37164 is a code injection vulnerability via an unsecured REST API endpoint and can lead to unauthenticated remote code execution.
CVE-2025-37164 was privately reported by security researcher Nguyen Quoc Khanh and Hewlett Packard Enterprise released hotfixes on December 16, 2025.
Rapid7 researchers analyzed the hotfix and explained how the vulnerability can be triggered. On December 19, a Metasploit module for the flaw was released.
HPE says that OneView versions before v11.0 are vulnerable, and organizations should upgrade to it, as there are no workarounds nor mitigations available.
Subscribe to our breaking news e-mail alert to never miss out on the latest breaches, vulnerabilities and cybersecurity threats. Subscribe here!