- HPE fixes critical RCE flaw (CVE-2025-37164) in OneView, severity 10/10
- The exploit could allow attackers to reconfigure servers, deploy malware, or create persistent backdoors.
- Users should upgrade to version 11.0 or apply an emergency hotfix immediately.
HPE has fixed a maximum severity vulnerability in its OneView platform that could cause several issues for businesses.
HPE OneView is a centralized infrastructure management platform that allows administrators to deploy, monitor and manage HPE servers, storage and networks through a single software-defined interface. The product is essential in an enterprise environment because it has centralized control over server hardware, firmware, storage, and network configurations.
If a cybercriminal gains access, they could reconfigure servers, deploy malicious firmware, disrupt workloads, or create persistent infrastructure-level backdoors. This could lead to widespread outages, data theft, and long-term compromises that are difficult to detect, and since OneView operates below the operating system layer, traditional security tools may not detect or stop abuse.
Updates and revisions
HPE recently published a new security advisory and released a patch, but did not detail the vulnerability beyond saying that it is a remote code execution (RCE) flaw exploitable by unauthenticated users.
The bug is tracked as CVE-2025-37164 and has a severity rating of 10/10 (critical). It affects HPE OneView versions 5.20 through 10.20.
“A potential security vulnerability has been identified in Hewlett Packard Enterprise OneView software,” HPE said in its advisory. “This vulnerability could be exploited, allowing an unauthenticated remote user to perform remote code execution.”
The key word here is “could”, which means that HPE has not yet seen abuse in the wild. However, given its severity and disruptive potential, it is safe to assume that cybercriminals are already looking for ways to put it to use, especially ransomware operators who need broad access to be successful.
If you are running HPE OneView, you should upgrade to version 11.0 or apply the emergency hotfix without hesitation. The OneView virtual appliance and HPE Synergy were said to have separate fixes.
Via The Register




