CVE-2025-37164
CVE-2025-37164
In short
HPE OneView has a critical flaw that allows attackers to run malicious code remotely on affected systems. This means an attacker can take complete control of the system without needing special access or credentials.
Technical detail
Remote code execution vulnerability in HPE OneView (CWE-94: Improper Control of Generation of Code) allows unauthenticated or low-privileged attackers to execute arbitrary code through network vectors. The vulnerability has a CVSS score of 10.0, indicating complete system compromise with no prerequisites.
Summary generated and translated by AI from the official description.
A remote code execution issue exists in HPE OneView.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Affected products
Hewlett Packard Enterprise (HPE) · HPE OneViewpublic PoCs found — 4
githubgithub.com/g0vguy/CVE-2025-37164-PoC★ 6githubgithub.com/rxerium/CVE-2025-37164★ 2githubgithub.com/LACHHAB-Anas/Exploit_CVE-2025-37164★ 1cve_referencegithub.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/hpe_oneview_rce.rbunverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/hpe_oneview_rce.rbhttps://support.hpe.com/hpesc/public/docDisplay?docId=hpesbgn04985en_us&docLocale=en_UShttps://support.hpe.com/hpesc/public/docDisplay?docId=hpesbgn04985en_us&docLocale=en_US#vulnerability-summary-1https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-37164