Remote Code Execution Vulnerability in HPE OneView
CVE-2025-37164
Key Information:
- Vendor
HP (HP)
- Status
- Vendor
- CVE Published:
- 16 December 2025
Badges
What is CVE-2025-37164?
CVE-2025-37164 is a significant remote code execution vulnerability found in HPE OneView, a management software that enables IT administrators to manage and oversee their hardware and integrated systems. This vulnerability poses a serious threat as it can allow attackers to execute arbitrary code on the affected system remotely, potentially compromising sensitive data and adversely affecting the operation of organizational infrastructure. The implications of this vulnerability extend to any organization utilizing HPE OneView, as a successful exploit could result in unauthorized access to critical systems, manipulation of configurations, and even service disruptions.
Potential Impact of CVE-2025-37164
-
Unauthorized Remote Access: Exploitation of this vulnerability could grant attackers unauthorized control over systems, allowing them to execute malicious payloads and perform unauthorized actions that could compromise IT environments.
-
Data Breach and Loss: With the ability to execute arbitrary code, attackers might gain access to sensitive information, leading to data breaches that can have severe legal and financial consequences for organizations.
-
Operational Disruption: An exploit could lead to significant operational disruptions, as critical services managed by HPE OneView may be affected. This could result in downtime, loss of productivity, and potential harm to an organization’s reputation and customer trust.
CISA has reported CVE-2025-37164
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2025-37164 as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace as recent news articles suggest the vulnerability is being used by ransomware groups.
The CISA's recommendation is: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
HPE OneView 0 < 11.00
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
News Articles
Techzine GlobalCVE-2025-37164RondoDox botnet exploits HPE OneView vulnerability on a massive scale
RondoDox botnet launches massive attack campaign on HPE OneView vulnerability. Check Point blocks 40,000 attempts, CISA warns.
3 weeks ago
Infosecurity MagazineCVE-2025-37164RondoDox Botnet Targets HPE OneView Vulnerability in Exploitation Wave
Check Point Research has reported a surge in attacks on a vulnerability in HPE OneView, driven by the Linux-based RondoDox botnet
3 weeks ago
CXOToday.comCVE-2025-37164Patch Now: Active Exploitation Underway for Critical HPE OneView Vulnerability
Check Point Research identified active, large-scale exploitation of CVE-2025-37164, a critical remote code execution vulnerability affecting HPE OneView. The exploitation campaign is attributed to the RondoDox botnet and escalated rapidly to tens of thousands of automated attack attempts. Check Poin...
3 weeks ago
References
EPSS Score
86% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
- 💰
Used in Ransomware
- 🦅
CISA Reported
- 📈
Vulnerability started trending
- 🟡
Public PoC available
- 👾
Exploit known to exist
- 📰
First article discovered by Red Hot Cyber
Vulnerability published
Vulnerability Reserved