Critical HPE OneView Vulnerability Exploited in Attacks
The maximum-severity code injection flaw can be exploited without authentication for remote code execution.
The US cybersecurity agency CISA on Wednesday warned that a critical-severity vulnerability in the OneView product from Hewlett Packard Enterprise (HPE) has been exploited in attacks.
Tracked as CVE-2025-37164 (CVSS score of 10/10), the security defect was disclosed on December 17, 2025, when HPE released hotfixes for it.
HPE credited Nguyen Quoc Khanh for reporting the bug but refrained from sharing technical information.
Source: https://www.securityweek.com/critical-hpe-oneview-vulnerability-exploited-in-attacks/
Related breach coverage
- Critical Grandstream Phone Vulnerability Exposes Calls to Interception (SecurityWeek, 2026-02-21)
The flaw tracked as CVE-2026-2329 can be exploited without authentication for remote code execution with root privileges.
- Oracle Releases Emergency Patch for Critical Identity Manager Vulnerability (SecurityWeek, 2026-03-23)
CVE-2026-21992 can be used without authentication for remote code execution and it may have been exploited in the wild.
- Fresh SolarWinds Vulnerability Exploited in Attacks (SecurityWeek, 2026-02-04)
The critical-severity SolarWinds Web Help Desk flaw could lead to unauthenticated remote code execution.
- 2024 VMware Flaw Now in Attackers’ Crosshairs (SecurityWeek, 2026-01-26)
The critical-severity vulnerability can be exploited via crafted network packets for remote code execution.
