{"id":9876,"date":"2025-12-18T16:01:10","date_gmt":"2025-12-18T16:01:10","guid":{"rendered":"https:\/\/techtrendfeed.com\/?p=9876"},"modified":"2025-12-18T16:01:10","modified_gmt":"2025-12-18T16:01:10","slug":"hpe-oneview-flaw-rated-cvss-10-0-permits-unauthenticated-distant-code-execution","status":"publish","type":"post","link":"https:\/\/techtrendfeed.com\/?p=9876","title":{"rendered":"HPE OneView Flaw Rated CVSS 10.0 Permits Unauthenticated Remote Code Execution"},"content":{"rendered":"<div>\n<p><span class=\"p-author\"><i class=\"icon-font icon-calendar\">\ue802<\/i><span class=\"author\">Dec 18, 2025<\/span><i class=\"icon-font icon-user\">\ue804<\/i><span class=\"author\">Ravie Lakshmanan<\/span><\/span><span class=\"p-tags\">Vulnerability \/ Enterprise Security<\/span><\/p>\n<\/div>\n<div id=\"articlebody\">\n<p>Hewlett Packard Enterprise (HPE) has resolved a maximum-severity security flaw in OneView Software that, if successfully exploited, could result in remote code execution.<\/p>\n<p>The critical vulnerability, assigned the CVE identifier <strong><a rel=\"nofollow\" target=\"_blank\"
href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-37164\" rel=\"noopener\" target=\"_blank\">CVE-2025-37164<\/a><\/strong>, carries a CVSS score of 10.0. HPE <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/www.hpe.com\/us\/en\/software\/oneview.html\" rel=\"noopener\" target=\"_blank\">OneView<\/a> is an IT infrastructure management software that streamlines IT operations and controls all systems via a centralized dashboard interface.<\/p>\n<p>&#8220;A possible safety vulnerability has been recognized in Hewlett Packard Enterprise OneView Software program. This vulnerability might be exploited, permitting a distant unauthenticated person to carry out distant code execution,&#8221; HPE <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/support.hpe.com\/hpesc\/public\/docDisplay?docId=hpesbgn04985en_us&amp;docLocale=en_US#vulnerability-summary-1\" rel=\"noopener\" target=\"_blank\">said<\/a> in an advisory issued this week.<\/p>\n<p>It affects all versions of the software prior to <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/support.hpe.com\/hpesc\/public\/docDisplay?docId=sd00006817en_us&amp;page=GUID-EE158266-5CA2-4EF6-BDEF-BD4945C38EDA.html\" rel=\"noopener\" target=\"_blank\">version 11.00<\/a>, which addresses the flaw. 
The company has also made available a hotfix that can be applied to OneView versions 5.20 through 10.20.<\/p>\n<p>It's worth noting that the hotfix must be reapplied after upgrading from version 6.60 or later to version 7.00.00, or after any HPE Synergy Composer reimaging operations. Separate hotfixes are available for the OneView virtual appliance and Synergy Composer2.<\/p>\n<p>Although HPE makes no mention of the flaw being exploited in the wild, it's essential that customers apply the patches as soon as possible for optimal protection.<\/p>\n<p>Earlier this June, the company also <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/thehackernews.com\/2025\/06\/hpe-issues-security-patch-for-storeonce.html\" rel=\"noopener\" target=\"_blank\">released<\/a> updates to fix eight vulnerabilities in its StoreOnce data backup and deduplication solution that could result in an authentication bypass and remote code execution. It also shipped OneView version 10.00 to remediate a number of known flaws in third-party components, such as Apache Tomcat and Apache HTTP Server.<\/p>\n<\/div>\n\n","protected":false},"excerpt":{"rendered":"<p>Dec 18, 2025 | Ravie Lakshmanan | Vulnerability \/ Enterprise Security | Hewlett Packard Enterprise (HPE) has resolved a maximum-severity security flaw in OneView Software that, if successfully exploited, could result in remote code execution. The critical vulnerability, assigned the CVE identifier CVE-2025-37164, carries a CVSS score of 10.0. 
HPE OneView is an IT infrastructure management software that [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":9878,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[58],"tags":[977,5268,2205,2705,6997,6998,4500,1151,6999],"class_list":["post-9876","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-code","tag-cvss","tag-execution","tag-flaw","tag-hpe","tag-oneview","tag-rated","tag-remote","tag-unauthenticated"],"_links":{"self":[{"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/posts\/9876","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=9876"}],"version-history":[{"count":1,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/posts\/9876\/revisions"}],"predecessor-version":[{"id":9877,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/posts\/9876\/revisions\/9877"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/media\/9878"}],"wp:attachment":[{"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=9876"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=9876"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=9876"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}