CISA Flags Critical HPE OneView Flaw as Actively Exploited

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning about a maximum-severity vulnerability in HPE OneView infrastructure management software, tracked as CVE-2025-37164, which is now confirmed to be actively exploited in the wild.

Vulnerability Details

  • CVE ID: CVE-2025-37164
  • Severity: Critical (max rating)
  • Affected versions: All OneView releases prior to v11.00
  • Attack vector:
    • Exploitable by unauthenticated attackers.
    • Low-complexity code injection leads to remote code execution (RCE).
  • Discovery: Reported by Vietnamese researcher Nguyen Quoc Khanh (brocked200).
  • Patch: Released mid-December 2025 → upgrade to OneView v11.00 or later.
  • Workarounds: None available.

Exploitation & Risks

  • Attackers can gain full remote control of unpatched systems.
  • Exploitation requires no authentication, making it highly dangerous.
  • CISA added CVE-2025-37164 to its Known Exploited Vulnerabilities (KEV) catalog.
  • Federal agencies must patch by January 28, 2026 under Binding Operational Directive (BOD) 22-01.
  • Private sector organizations are strongly urged to patch immediately.

Broader Context

  • July 2025: HPE warned of hardcoded credentials in Aruba Instant On Access Points.
  • June 2025: Patched eight vulnerabilities in StoreOnce backup systems, including RCE and authentication bypass flaws.
  • Enterprise footprint: HPE serves 55,000+ organizations worldwide, including 90% of Fortune 500 companies.

Recommended Actions

  • Immediate patching: Upgrade to OneView v11.00+ via HPE Software Center.
  • If patching is delayed:
    • Restrict local/remote access to authorized personnel only.
    • Place management networks behind secure firewalls.
    • Monitor for suspicious activity on OneView servers.
  • Follow CISA guidance: Apply vendor mitigations or discontinue use if patching is not possible.
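To turn the version boundary and deadline above into a repeatable check, here is an added helper (not HPE or CISA code) that flags OneView appliances in an inventory that report a release prior to v11.00 and counts the days left to the BOD 22-01 deadline; the hostnames, version strings and as-of date are constructed for illustration.

```python
from datetime import date
import re

# Fixed release and BOD 22-01 deadline as stated in the advisory above.
FIXED_VERSION = (11, 0)
BOD_DEADLINE = date(2026, 1, 28)

def parse_version(text):
    """Turn a string such as 'v10.20.00' or '9.10.01-hotfix' into a tuple of ints.
    Stops at the first non-numeric component; returns None if nothing numeric is found."""
    text = text.strip().lstrip("vV")
    parts = []
    for piece in text.split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
    return tuple(parts) or None

def is_vulnerable(version_text):
    """True if the release is prior to v11.00, False otherwise,
    None if the version string cannot be parsed (flag for manual review)."""
    v = parse_version(version_text)
    if v is None:
        return None
    # Pad so a bare '11' compares as (11, 0); only major.minor decide the boundary.
    return (v + (0, 0))[:2] < FIXED_VERSION

def triage(inventory, today):
    """inventory: list of (hostname, version_string); today: date the check runs.
    Returns hosts that need the upgrade, hosts with unreadable versions,
    and the number of days remaining until the BOD 22-01 deadline."""
    needs_patch, unknown = [], []
    for host, ver in inventory:
        state = is_vulnerable(ver)
        if state is None:
            unknown.append(host)
        elif state:
            needs_patch.append(host)
    return {"needs_patch": needs_patch, "unknown": unknown,
            "days_until_deadline": (BOD_DEADLINE - today).days}

# Constructed sample data: hostnames, versions and as-of date are made up.
SAMPLE_INVENTORY = [("oneview-dc1", "v10.20.00"), ("oneview-dc2", "11.00"),
                    ("oneview-lab", "9.10.01-hotfix"), ("oneview-old", "n/a")]
SAMPLE_TODAY = date(2026, 1, 7)

if __name__ == "__main__":
    print(triage(SAMPLE_INVENTORY, SAMPLE_TODAY))
```

Hosts listed under "unknown" should be checked by hand rather than assumed patched.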

Takeaway

CVE-2025-37164 is a high-risk, actively exploited flaw with no workarounds. Organizations running HPE OneView must patch immediately to prevent remote compromise. Given HPE’s widespread adoption across critical industries, this vulnerability represents a major attack vector for cyber adversaries.
