HPE OneView Suffers Critical Remote Code Execution

Hewlett Packard Enterprise disclosed on December 17, 2025 that OneView contains a critical unauthenticated remote code execution vulnerability, tracked as CVE-2025-37164 with a CVSS score of 10.0. The flaw affects versions prior to 11.0, and HPE has released a patch that upgrades OneView to 11.0. There are no known mitigations, so upgrading urgently is the only way to protect data center infrastructure.
Key Points
- Reports confirm unauthenticated remote code execution in OneView (CVE-2025-37164), CVSS 10.0.
- The risk is high because OneView manages servers, storage, and networking across enterprise data centers.
- Upgrade to OneView 11.0 urgently; there are no known mitigations. Audit for internet exposure.
Scoring Rationale
High urgency and enterprise-wide scope, driven by official HPE advisory and CVSS 10.0; limited to infrastructure management domain.

