Unauthorized Access Vulnerability in HPE Cray Data Virtualization Service
CVE-2025-37088

6.8MEDIUM

Key Information:

Vendor: HP (HP)
Status: HP Cray Data Virtualization Service (dvs)
Vendor: CVE Published:; 22 April 2025

Summary

A significant security vulnerability has been identified within the HPE Cray Data Virtualization Service, which stems from race conditions and specific configurations. This could potentially allow unauthorized users to gain access to local and cluster environments, raising substantial concerns for data security and integrity. It is crucial for users of the service to review their configurations and apply necessary security measures to mitigate the risks associated with this vulnerability.

Affected Version(s)

HPE Cray Data Virtualization Service (DVS) 0

References

https://support.hpe.com/hpesc/public/docDisplay?docId=hpe...

CVSS V3.1

Score:

6.8

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 22, 2025
Vulnerability Reserved
Apr 16, 2025