CISA tags max-severity HPE OneView flaw as actively exploited
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has flagged a maximum-severity HPE OneView vulnerability as actively exploited in attacks.
HPE's OneView infrastructure management software helps IT admins automate the management of storage, servers, and networking devices from a centralized interface.
Tracked as CVE-2025-37164, this critical security flaw was reported by Vietnamese security researcher Nguyen Quoc Khanh (brocked200) to HPE, which released security patches in mid-December.
CVE-2025-37164 affects all OneView versions released before v11.00 and can be exploited by unauthenticated threat actors through low-complexity code-injection attacks to gain remote code execution on unpatched systems.
"A potential security vulnerability has been identified in Hewlett Packard Enterprise OneView Software. This vulnerability could be exploited, allowing a remote unauthenticated user to perform remote code execution," HPE warned on December 16.
There are no workarounds or mitigations for CVE-2025-37164, so HPE advised customers to upgrade to OneView version 11.00 or later (available through HPE's Software Center) as soon as possible.
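Since the only fix is the version line (anything older than 11.00 is exposed, 11.00 and later is not), the practical check is an inventory sweep that compares each appliance's reported version against that threshold. The snippet below is an example added to this article, not code from HPE, CISA or BleepingComputer. It assumes version strings in the `major.minor.patch-build` form (for example `9.10.00-0432`); the hostnames and versions in the sample inventory are constructed. The reason to parse rather than compare strings is that a naive text comparison sorts `9.10` after `11.00` and would report a vulnerable 9.x appliance as patched.

```python
import re
from typing import Optional, Tuple

# Fixed release per HPE's advisory as reported on this page: OneView 11.00.
# Anything that parses as older than this is treated as affected.
FIXED_VERSION = (11, 0)

# Assumed version format: major.minor[.patch][-build], optional leading 'v'.
_VERSION_RE = re.compile(r"^\s*v?(\d+)\.(\d+)(?:\.(\d+))?(?:-(\d+))?\s*$")


def parse_oneview_version(s: str) -> Optional[Tuple[int, int, int, int]]:
    """Parse strings like '9.10.00-0432', '10.00' or 'v11.00' into
    (major, minor, patch, build). Returns None for anything that does not
    look like a version so the caller can flag it for manual review rather
    than silently treating it as patched."""
    m = _VERSION_RE.match(s)
    if not m:
        return None
    major, minor, patch, build = m.groups()
    return (int(major), int(minor), int(patch or 0), int(build or 0))


def is_affected(version: str) -> Optional[bool]:
    """True if the appliance runs something older than 11.00, False if it
    runs 11.00 or later, None if the version string is unparseable."""
    parsed = parse_oneview_version(version)
    if parsed is None:
        return None
    # Only major.minor matter for the threshold; patch/build are ignored.
    return parsed[:2] < FIXED_VERSION


def triage(inventory: dict) -> dict:
    """Bucket appliances by patch status: 'affected', 'patched', 'unknown'."""
    result = {"affected": [], "patched": [], "unknown": []}
    for host, version in inventory.items():
        status = is_affected(version)
        if status is None:
            result["unknown"].append(host)
        elif status:
            result["affected"].append(host)
        else:
            result["patched"].append(host)
    return result


# Constructed sample inventory; hostnames and versions are made up.
SAMPLE_INVENTORY = {
    "oneview-dc1.example.internal": "9.10.00-0432",
    "oneview-dc2.example.internal": "10.00.00-0512",
    "oneview-lab.example.internal": "11.00.00-0603",
    "oneview-old.example.internal": "6.60",
    "oneview-unknown.example.internal": "n/a",
}

if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{bucket}: {', '.join(hosts) or '-'}")
```

Feed it whatever your CMDB or appliance inventory reports for each OneView instance; anything landing in `unknown` needs a manual look rather than being assumed safe, and anything in `affected` has no mitigation other than the upgrade.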
CISA has also added the vulnerability to its catalog of flaws exploited in the wild, giving Federal Civilian Executive Branch (FCEB) agencies three weeks to secure their systems by January 28th, as mandated by the Binding Operational Directive (BOD) 22-01 issued in November 2021.
Even though BOD 22-01 targets only federal agencies, CISA encouraged all organizations, including those in the private sector, to patch their devices against this actively exploited flaw as soon as possible.
"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable," CISA warned on Wednesday.
"These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise," it added.
Source: BleepingComputer