Remote Code Execution Vulnerability in HPE Insight Remote Support
CVE-2025-37099
What is CVE-2025-37099?
A serious remote code execution vulnerability has been identified in HPE Insight Remote Support that could allow an attacker to execute arbitrary code on affected systems. This vulnerability affects versions prior to v7.15.0.646, posing risks for organizations relying on HPE's services for monitoring and reporting. It is crucial for users to update their products to the latest version to mitigate potential threats.
Affected Version(s)
Insight Remote Support 0
News Articles
SystemTekCVE-2025-37099Hewlett Packard Enterprise Directory Traversal Remote Code Execution Vulnerability (CVE-2025-37099)
- This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hewlett Packard Enterprise Insight Remote Support. Authentication is not required to exploit this vulnerability.
SystemTekCVE-2025-37099Hewlett Packard Enterprise Directory Traversal Remote Code Execution Vulnerability (CVE-2025-37099)
- This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hewlett Packard Enterprise Insight Remote Support. Authentication is not required to exploit this vulnerability.
VulDBCVE-2025-37099CVE-2025-37099 HPE Insight Remote Support processAttachmentDataStream path traversal
A vulnerability was found in HPE Insight Remote Support. It has been classified as very critical. This vulnerability is uniquely identified as CVE-2025-37099. It is recommended to upgrade the affected component.