vulnerability

Hewlett Packard Enterprise OneView: CVE-2025-37164: Improper Control of Generation of Code ('Code Injection')

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
10	(AV:N/AC:L/Au:N/C:C/I:C/A:C)	Dec 16, 2025	Dec 18, 2025	Jan 21, 2026

Severity

CVSS

(AV:N/AC:L/Au:N/C:C/I:C/A:C)

Published

Dec 16, 2025

Added

Dec 18, 2025

Modified

Jan 21, 2026

Description

A potential security vulnerability has been identified in Hewlett Packard Enterprise OneView Software. This vulnerability could be exploited, allowing a remote unauthenticated user to perform remote code execution.

Solution

hpe-oneview-upgrade-latest

References

CVE-2025-37164
https://attackerkb.com/topics/CVE-2025-37164
URL-https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbgn04985en_us
URL-https://www.rapid7.com/blog/post/etr-cve-2025-37164-critical-unauthenticated-rce-affecting-hewlett-packard-enterprise-oneview/
CWE-94

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today