CVE-2025-37101

HPE OneView for VMware vCenter (OV4VC), Local Elevation of Privilege

CVSS 8.7 HIGHEPSS 0.3%CWE-269

Vexday Risk Score

21Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 8.7EPSS 0.3%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

26 Jun 2025Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

A potential security vulnerability has been identified in HPE OneView for VMware vCenter (OV4VC). This vulnerability could be exploited allowing an attacker with read only privilege to cause Vertical Privilege Escalation (operator can perform admin actions).

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:H

Affected products

Hewlett Packard Enterprise · HPE OneView for VMware vCenter

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbgn04876en_us&docLocale=en_US