What's Happening?
Hewlett Packard Enterprise (HPE) has released patches for a critical remote code execution vulnerability in its OneView IT infrastructure management software. The flaw, identified as CVE-2025-37164, has a CVSS score of 10 and can be exploited without authentication. HPE has urged users to update to a fixed release immediately. The vulnerability affects all OneView versions up to 10.20, and HPE has provided hotfixes for users. The flaw stems from an HTTP rule in the OneView web server that exposes a REST API endpoint without requiring authentication, which could be abused to achieve remote code execution.
Why It's Important?
Patching this critical vulnerability is crucial for maintaining the security of IT infrastructure managed by HPE's OneView software. Unpatched systems could be exposed to unauthorized access and control, which could lead to significant data breaches or system disruptions. By addressing this flaw, HPE is helping to protect its customers from potential cyber threats. This incident underscores the importance of timely software updates and the need for organizations to remain vigilant about cybersecurity threats.