CVE-2025-37164
10.0CRITICALA remote code execution issue exists in HPE OneView.
Veröffentlicht: 12/16/2025Aktualisiert: 1/8/2026
CISA Bekannte Ausgenutzte Schwachstelle
Hewlett Packard Enterprise (HPE) OneView contains a code injection vulnerability that allows a remote unauthenticated user to perform remote code execution.
Erforderliche Maßnahme:
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Fälligkeitsdatum:
2026-01-28
Beschreibung
A remote code execution issue exists in HPE OneView.
KI-AnalyseKI-gestützt
Betroffene Produkte
hpeoneview
Referenzen
- https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbgn04985en_us&docLocale=en_USVendor Advisory
- https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/hpe_oneview_rce.rbExploit
- https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbgn04985en_us&docLocale=en_US#vulnerability-summary-1Vendor Advisory
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-37164US Government Resource