
- HPE patches critical RCE flaw (CVE-2025-37164) in OneView, severity 10/10
- The exploit could allow attackers to reconfigure servers, spread malware, or create persistent backdoors
- Users should upgrade to version 11.0 or apply the emergency hotfix immediately
HPE has patched a high-risk vulnerability in its OneView platform that could cause multiple issues for organizations.
HPE OneView is a centralized infrastructure management platform that enables administrators to deploy, monitor, and manage HPE servers, storage, and networking through a single software-defined interface. The product is critical in an enterprise environment because it has central control over server hardware, firmware, storage, and network configurations.
If a cybercriminal gains access, they can reconfigure servers, deploy malicious firmware, disrupt workloads, or create persistent infrastructure-level backdoors. This could lead to widespread outages, data theft, and long-term compromise that is difficult to detect, and since OneView operates beneath the operating system layer, traditional security tools may not be able to see or stop abuse.
Upgrades and hotfixes
HPE recently published new security guidance and issued a patch, but did not detail the vulnerability other than to say it is a remote code execution (RCE) flaw exploitable by unauthenticated users.
The bug is tracked as CVE-2025-37164 and has a severity rating of 10/10 (Critical). It affects HPE OneView versions 5.20 through 10.20.
“A potential security vulnerability has been identified in Hewlett Packard Enterprise OneView. This vulnerability can be exploited, allowing an unauthenticated remote user to execute remote code,” HPE said in its warning.
The key word here is “can” – which means HPE hasn’t seen it abused in the wild yet. However, given its severity and disruptive potential, it is safe to assume that cybercriminals are already looking for ways to exploit it, especially ransomware operators who need comprehensive access to succeed.
If you’re running HPE OneView, you should upgrade to version 11.0 or apply the emergency hotfix without hesitation. The OneView Virtual Appliance and HPE Synergy were said to have separate fixes.
via Record