- HPE Fixes Critical RCE Vulnerability (CVE‑2025‑37164) in OneView, Severity 10/10
- Exploitation could allow attackers to reconfigure servers, deploy malware, or create permanent backdoors.
- Users should upgrade to version 11.0 or apply the emergency fix immediately.
HPE has fixed a maximum severity vulnerability in its OneView platform that could cause a number of issues for enterprises.
HPE OneView is a centralized infrastructure management platform that allows administrators to deploy, monitor and manage HPE servers, storage and networks through a single software-defined interface. This product is critical in an enterprise environment as it provides centralized control over server hardware, firmware, storage and network configurations.
If a cybercriminal gains access, they can reconfigure servers, deploy malicious firmware, disrupt workloads, or create persistent backdoors at the infrastructure level. This can lead to widespread outages, data theft, and long-term compromise that is difficult to detect. Because OneView operates below the operating system level, traditional security tools may not notice or stop abuse.
Updates and fixes
HPE recently published a new security advisory and released a patch, but did not describe the vulnerability beyond saying it is a remote code execution (RCE) flaw that unauthenticated users can reach.
The bug is tracked as CVE-2025-37164 and has a severity score of 10/10 (critical). It affects HPE OneView versions 5.20 through 10.20.
“A potential security vulnerability has been identified in Hewlett Packard Enterprise OneView Software,” says HPE. “This vulnerability can be exploited by allowing a remote unauthenticated user to perform remote code execution.”
The key word here is “can”, which means HPE hasn't seen it abused in real life yet. However, given its severity and destructive potential, it's safe to assume that cybercriminals are already looking for ways to make it work, especially ransomware operators who need broad access to succeed.
If you are using HPE OneView, you should not hesitate to upgrade to version 11.0 or apply the emergency fix. The OneView virtual appliance and HPE Synergy are reported to have separate fixes.