Critical RCE Vulnerability in HPE OneView Software Alerts Industry Leaders

Hewlett Packard Enterprise (HPE) Addresses Critical Vulnerability in HPE OneView Software

Recently, Hewlett Packard Enterprise (HPE) released a patch for a severe vulnerability in its HPE OneView software that could potentially allow attackers to execute malicious code remotely. This vulnerability, identified as CVE-2025-37164, was disclosed to HPE by Vietnamese security researcher Nguyen Quoc Khanh (brocked200).

HPE OneView is a vital infrastructure management tool designed to assist IT administrators in simplifying operations and automating the management of servers, storage, and networking devices through a centralized interface.

The security flaw affects all versions of OneView released prior to v11.00 and can be exploited by threat actors without authentication, making it a significant risk for organizations. As a result, HPE has urged administrators to promptly apply the necessary patch to mitigate the vulnerability.

According to HPE’s advisory, the CVE-2025-37164 vulnerability could allow remote unauthenticated users to execute arbitrary code on vulnerable systems. The company has emphasized the importance of applying the patch promptly due to the lack of workarounds or mitigations available for this issue.

Organizations using OneView versions 5.20 through 10.20 can address the vulnerability by deploying a security hotfix. Additionally, HPE has provided separate downloads for the virtual appliance security hotfix and the Synergy security hotfix on dedicated support pages.

It is essential for affected organizations to upgrade to OneView version 11.00 or later to safeguard their systems from potential exploitation. HPE has not confirmed any active attacks targeting this vulnerability but advises proactive measures to prevent any security breaches.

In the past, HPE has demonstrated its commitment to addressing security issues promptly. In June, the company patched multiple vulnerabilities in its StoreOnce backup solution, highlighting the importance of maintaining a secure IT environment.

With over 61,000 employees worldwide and a significant presence in the technology industry, HPE continues to offer products and services to a vast array of organizations globally. By prioritizing security and innovation, HPE aims to provide reliable solutions to its customers.

Addressing IAM challenges is crucial for the overall security of your business. Learn how to enhance your IAM strategy with our comprehensive guide.

Discover the key components of effective IAM practices and build a scalable strategy to protect your organization from potential security threats.

Access the guide