Remote Code Execution Vulnerability in HPE OneView
CVE-2025-37164
Key Information:
- Vendor
HP (HP)
- Status
- Vendor
- CVE Published:
- 16 December 2025
Badges
What is CVE-2025-37164?
CVE-2025-37164 is a significant remote code execution vulnerability found in HPE OneView, a management software that enables IT administrators to manage and oversee their hardware and integrated systems. This vulnerability poses a serious threat as it can allow attackers to execute arbitrary code on the affected system remotely, potentially compromising sensitive data and adversely affecting the operation of organizational infrastructure. The implications of this vulnerability extend to any organization utilizing HPE OneView, as a successful exploit could result in unauthorized access to critical systems, manipulation of configurations, and even service disruptions.
Potential Impact of CVE-2025-37164
-
Unauthorized Remote Access: Exploitation of this vulnerability could grant attackers unauthorized control over systems, allowing them to execute malicious payloads and perform unauthorized actions that could compromise IT environments.
-
Data Breach and Loss: With the ability to execute arbitrary code, attackers might gain access to sensitive information, leading to data breaches that can have severe legal and financial consequences for organizations.
-
Operational Disruption: An exploit could lead to significant operational disruptions, as critical services managed by HPE OneView may be affected. This could result in downtime, loss of productivity, and potential harm to an organization’s reputation and customer trust.
CISA has reported CVE-2025-37164
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2025-37164 as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace as recent news articles suggest the vulnerability is being used by ransomware groups.
The CISA's recommendation is: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Affected Version(s)
HPE OneView 0 < 11.00
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
News Articles
HackreadCVE-2025-37164CISA Urges Emergency Patching for Actively Exploited HPE OneView Flaw
If your office uses Hewlett Packard Enterprise (HPE) OneView to manage its servers and networking, you need to check your software version immediately. A major security flaw has been discovered that enables...
3 days ago
Help Net SecurityWeek in review: PoC for Trend Micro Apex Central RCE released, Patch Tuesday forecast - Help Net Security
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Pharma’s most underestimated cyber risk isn’t a breach
3 days ago
MalwarebytesCVE-2025-37164CISA warns of active attacks on HPE OneView and legacy PowerPoint
Two actively exploited flaws—one brand new, one 16 years old—have been added to CISA’s KEV catalog, signaling urgent patching.
6 days ago
References
EPSS Score
81% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
- 💰
Used in Ransomware
- 🦅
CISA Reported
- 📈
Vulnerability started trending
- 🟡
Public PoC available
- 👾
Exploit known to exist
- 📰
First article discovered by Red Hot Cyber
Vulnerability published
Vulnerability Reserved