- HPE fixes critical RCE bug (CVE-2025-37164) in OneView, rated severity 10/10
- Exploitation can allow attackers to reconfigure servers, deploy malware, or create persistent backdoors
- Users should upgrade to version 11.0 or apply hotfix immediately
HPE has fixed a maximum severity vulnerability in its OneView platform that could cause quite a few problems for businesses.
HPE OneView is a centralized infrastructure management platform that lets administrators deploy, monitor and manage HPE servers, storage and networks through a single software-defined interface. The product is critical in an enterprise environment because it has centralized control over server hardware, firmware, storage and network configurations.
If a cybercriminal gains access, they can reconfigure servers, deploy malicious firmware, disrupt workloads, or create persistent infrastructure-level backdoors. This can lead to widespread outages, data theft, and long-term compromises that are difficult to detect, and since OneView operates below the operating system layer, traditional security tools may not see or stop the abuse.
Upgrades and hotfixes
HPE recently issued a new security advisory and released a patch, but did not describe the vulnerability beyond saying it is a Remote Code Execution (RCE) flaw exploitable by unauthorized users.
The bug is tracked as CVE-2025-37164 and has a severity rating of 10/10 (Critical). It affects HPE OneView versions 5.20 to 10.20.
“A potential security vulnerability has been identified in Hewlett Packard Enterprise OneView Software,” HPE said in its advisory. “This vulnerability could be exploited to allow an unauthorized remote user to perform remote code execution.”
The key word here is “could” – meaning HPE has yet to see it abused in the wild. But given its seriousness and disruptive potential, it’s safe to assume that cybercriminals are already looking for ways to make it work, especially ransomware operators who need extensive access to succeed.
If you are running HPE OneView, you should upgrade to version 11.0 or apply the emergency hotfix without hesitation. OneView virtual appliance and HPE Synergy have separate fixes, HPE said.
Via The Register



