
"Hewlett Packard Enterprise has fixed a critical vulnerability in OneView Software that allows remote code execution. The bug received the maximum CVSS score of 10.0 and has now been fixed in version 11.00. HPE announced in a security advisory that the vulnerability, numbered CVE-2025-37164, is extremely dangerous. An unauthenticated attacker could remotely execute code by exploiting this flaw. OneView is an IT infrastructure management solution that controls all systems within organizations from a single central dashboard."
"The security flaw affects all versions of the software prior to version 11.00. HPE has resolved the issue with this new version. In addition, the company is releasing a hotfix for OneView versions 5.20 through 10.20. There is an important point to note when installing the hotfix. When upgrading from version 6.60 or later to 7.00.00, the patch must be reapplied. The hotfix is also required after reinstalling HPE Synergy Composer. Separate hotfixes are available for the OneView virtual appliance and Synergy Composer2."
Hewlett Packard Enterprise OneView contained a critical vulnerability, CVE-2025-37164, that allows unauthenticated remote code execution and carries a CVSS score of 10.0. HPE released version 11.00 to resolve the issue and provided hotfixes for OneView versions 5.20 through 10.20. After an upgrade from 6.60 or later to 7.00.00, the hotfix must be reapplied; it is also required after reinstalling HPE Synergy Composer. Separate hotfixes exist for the OneView virtual appliance and Synergy Composer2. The flaw results from incorrect input validation in a REST API endpoint and was reported by researcher Nguyen Quoc Khanh. No evidence of active exploitation has been reported. Users are urged to install patches promptly.
Read at Techzine Global