HPE Warns of Maximum Severity RCE Flaw in OneView Software
Summary:
Hewlett Packard Enterprise (HPE) issued a critical security bulletin regarding a maximum-severity remote code execution (RCE) vulnerability in its OneView infrastructure management software. Identified as CVE-2025-37164, the flaw allows a remote, unauthenticated attacker to execute arbitrary code on the underlying appliance.
The vulnerability, reported by security researcher Nguyen Quoc Khanh (brocked200), stems from a low-complexity code injection weakness. It affects all versions of HPE OneView prior to version 11.00, including virtual appliances and HPE Synergy Composer modules.
Security Officer Comments:
CVE-2025-37164 is categorized as a "keys to the kingdom" vulnerability. Because OneView orchestrates critical infrastructure components, a successful exploit provides an attacker with high-level administrative control over the entire managed ecosystem.
The unauthenticated nature of the exploit, combined with its low technical complexity, makes it an ideal target for initial access brokers and ransomware operators seeking to move laterally or cause widespread disruption. Compromise of the management plane often allows attackers to bypass traditional endpoint security by manipulating hardware configurations, disabling logs, or exfiltrating data directly from storage arrays.
Additionally, the lack of known workarounds means that exposed instances remain fully vulnerable until a patch or hotfix is applied, increasing the urgency for organizations with internet-facing or poorly segmented management interfaces.
Suggested Corrections:
- Upgrade HPE OneView to version 11.00 or later.
- For organizations unable to perform a full version upgrade immediately, HPE has released security hotfixes for legacy versions ranging from v5.20 through v10.20.
- Network defenders should note a critical operational nuance: the security hotfix must be reapplied if an appliance is upgraded from version 6.60.xx to 7.00.00, or following any HPE Synergy Composer reimaging.
- Beyond patching, it is strongly recommended that management interfaces be isolated within a dedicated, restricted management VLAN with strict access control lists (ACLs) to prevent unauthorized network access.
- Defenders should also monitor for unusual outbound traffic from OneView appliances and audit for unauthorized configuration changes in the managed infrastructure as indicators of potential exploitation.
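As an added illustration of the patch-status rules in the list above (example code written for this summary, not HPE's tooling): a small Python triage script that classifies an inventory of OneView appliances using only the version boundaries the bulletin states, and that treats a hotfix as void if the appliance was later upgraded from 6.60.xx to 7.00.00 or, for a Synergy Composer, reimaged. The inventory entries, hostnames, dates, event labels and field names are constructed assumptions.

```python
"""Triage HPE OneView appliances against CVE-2025-37164 by version and hotfix state.

Added example, not HPE code. It encodes only what the bulletin summary states:
fixed in 11.00; hotfixes exist for v5.20 through v10.20; an applied hotfix must be
reapplied after an upgrade from 6.60.xx to 7.00.00 or after a Synergy Composer
reimage. Inventory records, hostnames, dates and field names are constructed.
"""
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Optional, Tuple

FIXED_VERSION = "11.00"
HOTFIX_RANGE = ("5.20", "10.20")  # bulletin: hotfixes for legacy v5.20 through v10.20
# Events after which the bulletin says the hotfix must be reapplied (labels are constructed).
HOTFIX_INVALIDATING_EVENTS = {"upgrade_6.60_to_7.00", "composer_reimage"}

PATCHED = "patched"
HOTFIXED = "hotfixed"
NEEDS_HOTFIX_OR_UPGRADE = "vulnerable: apply hotfix or upgrade to 11.00"
NEEDS_UPGRADE = "vulnerable: upgrade to 11.00 (no hotfix listed for this version)"


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '6.60.03', 'v10.20' or '11.00' into a zero-padded (major, minor, patch) tuple."""
    parts = [int(p) for p in text.strip().lstrip("v").split(".")]
    parts += [0] * (3 - len(parts))
    return tuple(parts[:3])


@dataclass
class Appliance:
    name: str
    version: str
    hotfix_applied_on: Optional[date] = None  # when the CVE-2025-37164 hotfix was last applied
    last_event: Optional[str] = None          # an entry from HOTFIX_INVALIDATING_EVENTS, or None
    last_event_on: Optional[date] = None


def hotfix_effective(a: Appliance) -> bool:
    """The hotfix counts only if it was applied after the latest invalidating event."""
    if a.hotfix_applied_on is None:
        return False
    if a.last_event in HOTFIX_INVALIDATING_EVENTS and a.last_event_on is not None:
        return a.hotfix_applied_on > a.last_event_on
    return True


def triage(a: Appliance) -> str:
    """Classify one appliance: patched, hotfixed, or one of two vulnerable states."""
    v = parse_version(a.version)
    if v >= parse_version(FIXED_VERSION):
        return PATCHED
    lo, hi = (parse_version(x) for x in HOTFIX_RANGE)
    # Compare on major.minor so that a 10.20.xx build still counts as a 10.20 release.
    if lo[:2] <= v[:2] <= hi[:2]:
        return HOTFIXED if hotfix_effective(a) else NEEDS_HOTFIX_OR_UPGRADE
    return NEEDS_UPGRADE


# Constructed inventory: names, versions and dates are sample data, not real hosts.
SAMPLE_INVENTORY: List[Appliance] = [
    Appliance("oneview-a", "11.00"),
    Appliance("oneview-b", "6.60.03", hotfix_applied_on=date(2025, 6, 1)),
    Appliance("oneview-c", "7.00.00", hotfix_applied_on=date(2025, 6, 1),
              last_event="upgrade_6.60_to_7.00", last_event_on=date(2025, 7, 15)),
    Appliance("composer-d", "10.20", hotfix_applied_on=date(2025, 6, 1),
              last_event="composer_reimage", last_event_on=date(2025, 8, 2)),
    Appliance("oneview-e", "5.00"),
]


def triage_inventory(inventory: List[Appliance] = SAMPLE_INVENTORY) -> Dict[str, str]:
    """Return a name -> status map for the whole inventory."""
    return {a.name: triage(a) for a in inventory}


if __name__ == "__main__":
    for name, status in triage_inventory().items():
        print(f"{name:12} {status}")
```

The dates are there to catch the reapply rule: an appliance whose hotfix predates its 6.60-to-7.00 upgrade or Composer reimage is reported as vulnerable even though a hotfix was once installed. Feed it your own inventory (for instance exported from a CMDB) as a list of `Appliance` records.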
Link(s):
https://support.hpe.com/hpesc/publi...en_us&docLocale=en_US#vulnerability-summary-1