#unauthenticated-rce

[ follow ]
#hpe-oneview #cve-2025-37164 #patchhotfix #cve-2025-40602 #sma-1000 #privilege-escalation #cve-2025-4008
Information security
fromwww.theregister.com
3 weeks ago

HPE OneView RCE bug scores a perfect 10

A critical unauthenticated remote code execution vulnerability (CVE-2025-37164) in HPE OneView allows attackers centralized control; customers must upgrade or apply hotfix immediately.
fromTheregister
3 weeks ago

Another bad week for SonicWall as SMA 1000 0-day exploited

SonicWall's official notice, published this week, says users should update to the latest hotfix versions immediately and restrict access to the Appliance Management Console to trusted networks. The vendor's PSIRT team says the issue affects only SMA 1000 appliances and does not impact other SonicWall firewall products or SSL VPN functions, but the fact that attackers have already begun exploiting the flaw underscores how exposed remote-access infrastructure remains.
Information security
Information security
fromThe Hacker News
3 months ago

CISA Flags Meteobridge CVE-2025-4008 Flaw as Actively Exploited in the Wild

Meteobridge contains a command-injection vulnerability (CVE-2025-4008) allowing unauthenticated remote attackers to execute arbitrary commands as root; vulnerability is actively exploited and patched in version 6.
[ Load more ]