—–BEGIN PGP SIGNED MESSAGE—–

Hash: SHA256

Remote Code Execution Vulnerability in Hewlett Packard Enterprise OneView Software 

Indian – Computer Emergency Response Team (https://www.cert-in.org.in)

Severity Rating: CRITICAL

Systems Affected

All HPE OneView Software versions through v10.20

Overview

A vulnerability has been reported in Hewlett Packard Enterprise (HPE) OneView Software which could allow a remote unauthenticated attacker to execute arbitrary code on the targeted system.

Target Audience:

Organizations and individuals using the affected Hewlett Packard Enterprise OneView Software.

Risk Assessment:

High risk of system compromise and service disruption.

Impact Assessment:

Potential for arbitrary code execution, system compromise and sensitive data exposure.

Description

HPE OneView is a software-defined infrastructure management platform that simplifies and automates managing HPE servers, storage, and networking from a single console, using templates for rapid, consistent deployment (Infrastructure as Code).

This vulnerability exists in Hewlett Packard Enterprise OneView Software due to improper input validation. A remote attacker could exploit this vulnerability by sending specially crafted network requests to the targeted system.

Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the targeted system.

Solution

Apply appropriate software updates as mentioned by the vendor:

https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbgn04985en_us&docLocale=en_US#vulnerability-summary-1

Vendor Information

Hewlett Packard

https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbgn04985en_us&docLocale=en_US#vulnerability-summary-1

References

Hewlett Packard

https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbgn04985en_us&docLocale=en_US#vulnerability-summary-1

CVE Name

CVE-2025-37164

– —

Thanks and Regards,

CERT-In

Incident Response Help Desk

e-mail: incident@cert-in.org.in

Phone: +91-11-22902657

Toll Free Number: 1800-11-4949

Toll Free Fax : 1800-11-6969

Web: http://www.cert-in.org.in

PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4

PGP Key information:

https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS

Postal address:

Indian Computer Emergency Response Team (CERT-In)

Ministry of Electronics and Information Technology

Government of India

Electronics Niketan

6, C.G.O. Complex

New Delhi-110 003

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCAAdFiEE6r4Iam/Ey0c/KakL3jCgcSdcys8FAmlL9DQACgkQ3jCgcSdc

ys+amw//Tmrhc1cU1PVguOciG5W5mthHORlTD64DOhwqwB/EZINVKHR7KTvob3GD

X5F4u2NQ5pkydCVuBc126h29Rsf0IEyBjlQIeWMV8uOqM0/WO8AO4qDYtzRdkgYv

Z6V2wviO7eoxtjeda+lwjuhgEBrWirKWp9RtVPn3lL/O68Yj0iG6CLpq6HnkhUeZ

edVp31l+Uvkt/rcrxL/ITdE07oBPyioQ7eePMbc23fw4IRmicmb2DXwCQPzXuvt0

n1nqik55QZbnGHgbGLDInIKV0VZM7ZIvEGlFSXYEc1Ujjer3IeyKvzhROVNY/YHW

2A9MckRewjmPORVY7klNK/75DSF8OG9DnlnyplxosheQuDYPc1znUYdatkVBBtXa

yqost1rPJzSQ5SVZBO8JRl2Iww6rPiqwvBQYuBD4yPLlHezMfJsyvrLFyNUh8CrL

COzwN3+7zzUK+Z7bcZ2eTgd1HcgaUe7nXxRrk3KVTao0/TOaRNvHLda8XNakW5O+

mzS0Ifapaln8LWHyprsIKYVMV8RGFGWsLWfmEGm3V4juTZir+YTjg2UiVeoCDDJ3

Z1zuf8oxjnUMjMY9NtJjmK7B1kXFZ7aclgu++5cJbMTF0bSrIhc8RC4hkmw5WWE3

w7EPXjZ9VPKsky10JKYGNeiTgLeRI9vQuB3wrEsQ8aQvu7qPADE=

=3ndq

—–END PGP SIGNATURE—–