
"'A potential security vulnerability has been identified in Hewlett Packard Enterprise OneView Software. This vulnerability could be exploited, allowing a remote unauthenticated user to perform remote code execution,' HPE said in an advisory issued this week. It affects all versions of the software prior to version 11.00, which addresses the flaw. The company has also made available a hotfix that can be applied to OneView versions 5.20 through 10.20."
"It's worth noting that the hotfix must be reapplied after upgrading from version 6.60 or later to version 7.00.00, or after any HPE Synergy Composer reimaging operations. Separate hotfixes are available for the OneView virtual appliance and Synergy Composer2. Although HPE makes no mention of the flaw being exploited in the wild, it's essential that users apply the patches as soon as possible for optimal protection."
Hewlett Packard Enterprise OneView contains a maximum-severity vulnerability (CVE-2025-37164) enabling unauthenticated remote code execution with a CVSS score of 10.0. The flaw affects all OneView versions prior to 11.00; version 11.00 addresses the issue. HPE published a hotfix for OneView 5.20 through 10.20 and notes the hotfix must be reapplied after upgrades from 6.60+ to 7.00.00 or after Synergy Composer reimaging. Separate hotfixes exist for the OneView virtual appliance and Synergy Composer2. No exploitation in the wild has been reported; prompt patching is recommended. HPE previously released updates addressing StoreOnce and third-party component flaws.
Read at The Hacker News