HPE Patches Critical Flaw in IT Infrastructure Management Software
Tracked as CVE-2025-37164, the critical flaw could allow unauthenticated, remote attackers to execute arbitrary code. The post HPE Patches Critical Flaw in IT Infrastructure Management Software appeared first on SecurityWeek.
Hewlett Packard Enterprise (HPE) this week announced patches for a critical-severity remote code execution vulnerability in its OneView IT infrastructure management software.
Tracked as CVE-2025-37164 (CVSS score of 10), the security defect can be exploited without authentication, the company notes in a barebones advisory.
HPE makes no mention of the flaw being exploited in the wild, but urges customers to update to a fixed release as soon as possible.
Source: https://www.securityweek.com/hpe-patches-critical-flaw-in-it-infrastructure-management-software/
Related breach coverage
- Ivanti EPM Update Patches Critical Remote Code Execution Flaw2025-12-10
The XSS vulnerability could allow remote attackers to execute arbitrary JavaScript code with administrator privileges. The post Ivanti EPM Update Patches Critical Remote Code Execution Flaw appeared first on SecurityWeek.
- Ivanti Patches Exploited EPMM Zero-Days2026-01-30
The critical-severity vulnerabilities could allow unauthenticated attackers to execute arbitrary code remotely. The post Ivanti Patches Exploited EPMM Zero-Days appeared first on SecurityWeek.
- Fortinet Patches Critical FortiSandbox Vulnerabilities2026-04-15
The flaws could allow attackers to bypass authentication or execute arbitrary code or commands via HTTP requests. The post Fortinet Patches Critical FortiSandbox Vulnerabilities appeared first on SecurityWeek.
- Hewlett Packard Enterprise (HPE) fixed maximum severity OneView flaw2025-12-18
Hewlett Packard Enterprise (HPE) fixed a critical OneView flaw that could allow attackers to achieve remote code execution. Hewlett Packard Enterprise (HPE) addressed a maximum-severity security vulnerability, tracked as CVE-2025-37164 (CVSS score of 10.0), in OneView Software. An attacker can exploit the flaw to achieve remote code execution. HPE OneView is an integrated IT management […]