
"Update January 8, 2026: The US security authority CISA warns that the HPE OneView vulnerability CVE-2025-37164 is being actively exploited. Patching is therefore not only good advice, but also a requirement to remain secure in the face of ongoing attacks. Those who have not yet applied patches should also check whether malicious parties have already gained access and moved laterally through the corporate network. If so, there may be backdoors that even survive a OneView patch."
"The security flaw affects all versions of the software prior to version 11.00. HPE has resolved the issue with this new version. In addition, the company is releasing a hotfix for OneView versions 5.20 through 10.20. There is an important point to note when installing the hotfix. When upgrading from version 6.60 or later to 7.00.00, the patch must be reapplied. The hotfix is also required after reinstalling HPE Synergy Composer. Separate hotfixes are available for the OneView virtual appliance and Synergy Composer2."
CVE-2025-37164 is a critical remote code execution vulnerability in HPE OneView that scores 10.0 and allows unauthenticated attackers to execute code remotely. HPE fixed the flaw in OneView version 11.00 and issued hotfixes for versions 5.20 through 10.20. The flaw affects all versions prior to 11.00. When upgrading from 6.60 or later to 7.00.00 the hotfix must be reapplied, and the hotfix is required after reinstalling HPE Synergy Composer. Separate hotfixes exist for the OneView virtual appliance and Synergy Composer2. CISA warned on January 8, 2026 that the vulnerability is being actively exploited; organizations should patch and check for lateral movement and surviving backdoors.
Read at Techzine Global