{"id":6274,"date":"2025-12-19T01:49:15","date_gmt":"2025-12-19T01:49:15","guid":{"rendered":"https:\/\/cybersecurityinfocus.com\/?p=6274"},"modified":"2025-12-19T01:49:15","modified_gmt":"2025-12-19T01:49:15","slug":"hpe-oneview-vulnerable-to-remote-code-execution-attack","status":"publish","type":"post","link":"https:\/\/cybersecurityinfocus.com\/?p=6274","title":{"rendered":"HPE OneView vulnerable to remote code execution attack"},"content":{"rendered":"<div>\n<div class=\"grid grid--cols-10@md grid--cols-8@lg article-column\">\n<div class=\"col-12 col-10@md col-6@lg col-start-3@lg\">\n<div class=\"article-column__content\">\n<div class=\"container\"><\/div>\n<p>A maximum severity remote code execution vulnerability in Hewlett Packard Enterprise (HPE) OneView network and systems management suite is \u201cbad\u201d and needs to be patched immediately, says a cybersecurity expert.<\/p>\n<p>\u201cVendors typically downplay the severity of a vulnerability,\u201d says <a href=\"https:\/\/www.sans.org\/profiles\/curtis-dukes\" target=\"_blank\" rel=\"noopener\">Curtis Dukes<\/a>, executive VP for security best practices at the Center for Internet Security, \u201cbut HPE did not \u2013 it\u2019s a 10.\u201d<\/p>\n<p>The vulnerability is remotely executable by an unauthenticated user, he added, and it impacts every recent version of the suite. On top of that, he pointed out, OneView is a central manager of IT infrastructure in organizations.<\/p>\n<p>\u201cFor these reasons, the patch should be implemented immediately,\u201d Dukes said. 
\u201cAdversaries, nation-state, and criminal gangs alike know there is a window of opportunity and are likely working on an exploit.\u201d<\/p>\n<p>HPE says in <a href=\"https:\/\/support.hpe.com\/hpesc\/public\/docDisplay?docId=hpesbgn04985en_us&amp;docLocale=en_US#hpesbgn04985-rev-1-hewlett-packard-enterprise-onev-0\" target=\"_blank\" rel=\"noopener\">its advisory<\/a> that the vulnerability, <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-37164\" target=\"_blank\" rel=\"noopener\">CVE-2025-37164<\/a>, affects all versions between 5.20 and 10.20. It can be resolved by applying a security hotfix, which must be reapplied after an appliance upgrade from HPE OneView version 6.60.xx to 7.00.00, as well as after any HPE Synergy Composer reimage.<\/p>\n<p>HPE offers separate hotfixes for <a href=\"https:\/\/myenterpriselicense.hpe.com\/cwp-ui\/product-details\/HPE_OV_CVE_37164_Z7550-98077\/-\/sw_free\" target=\"_blank\" rel=\"noopener\">HPE OneView virtual appliance<\/a> and <a href=\"https:\/\/support.hpe.com\/hpesc\/public\/swd\/detail?swCollectionId=MTX-64daeb5ed0df44a0\" target=\"_blank\" rel=\"noopener\">HPE Synergy Composer<\/a>.<\/p>\n<p>The advisory adds that any third-party security patches that are to be installed on systems running HPE software products should be applied in accordance with the customer\u2019s patch management policy.<\/p>\n<p>Asked for comment, an HPE spokesperson said the company has nothing to say beyond its advisory, other than to urge admins to download and install the patches as soon as possible.<\/p>\n<p><a href=\"https:\/\/www.linkedin.com\/in\/bicer\/\" target=\"_blank\" rel=\"noopener\">Jack Bicer<\/a>, director of vulnerability research at Action1, said that because this vulnerability can be exploited without authentication or any user interaction, it is \u201can extremely severe security issue. There are no available workarounds, so the patch should be applied immediately. 
Until the patch can be applied, restrict network access to the OneView management interface to trusted administrative networks only.\u201d<\/p>\n<p>HPE describes OneView as a solution that simplifies infrastructure lifecycle management across compute, storage, and networking through a unified API. It allows admins to create a catalogue of workload-optimized infrastructure templates so more general IT staff can rapidly and reliably provision resources. These templates can quickly provision physical, virtual, and containerized systems, configuring BIOS settings, local RAID configuration, firmware baseline, shared storage and more. HPE says software-defined intelligence allows IT to run multiple applications simultaneously with repeatable templates that ensure high reliability, consistency, and control. The vendor also says the embedded automation speeds provisioning and lowers operating expenses.<\/p>\n<p>The most recent major vulnerability in OneView was revealed in June: <a href=\"https:\/\/www.cve.org\/CVERecord?id=CVE-2025-37101\" target=\"_blank\" rel=\"noopener\">CVE-2025-37101<\/a>, a local elevation-of-privilege issue that relates specifically to OneView for VMware vCenter. If exploited, it could let an attacker with read-only privilege upgrade their access to perform admin actions.<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>A maximum severity remote code execution vulnerability in Hewlett Packard Enterprise (HPE) OneView network and systems management suite is \u201cbad\u201d and needs to be patched immediately, says a cybersecurity expert. 
\u201cVendors typically downplay the severity of a vulnerability,\u201d says Curtis Dukes, executive VP for security best practices at the Center for Internet Security, \u201cbut HPE [&hellip;]<\/p>\n","protected":false},"author":0,"featured_media":6275,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-6274","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-education"],"_links":{"self":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/6274"}],"collection":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=6274"}],"version-history":[{"count":0,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/6274\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/media\/6275"}],"wp:attachment":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=6274"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=6274"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=6274"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}