The vulnerability of the processAttachmentDataStream function in the software for remote monitoring, management, and support of servers and data storage systems in HPE Insight Remote Support allows a attacker to execute arbitrary code.

🗓️ 25 Jun 2025 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 1 Views

ProcessAttachmentDataStream vulnerability in Insight Remote Support enables remote code execution via path traversal.

Reporter	Title	Published	Views	Family All 12
ATTACKERKB	CVE-2025-37099	1 Jul 202518:15	–	attackerkb
Circl	CVE-2025-37099	5 Jun 202503:00	–	circl
CNNVD	HPE Insight Remote Support 安全漏洞	1 Jul 202500:00	–	cnnvd
CVE	CVE-2025-37099	1 Jul 202517:30	–	cve
Cvelist	CVE-2025-37099	1 Jul 202517:30	–	cvelist
EUVD	EUVD-2025-19668	3 Oct 202520:07	–	euvd
NVD	CVE-2025-37099	1 Jul 202518:15	–	nvd
OSV	CVE-2025-37099	1 Jul 202518:15	–	osv
Positive Technologies	PT-2025-23951 · Hewlett Packard · Hp Enterprise Insight Remote Support	4 Jun 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-37099	3 Jul 202518:10	–	redhatcve

Vulners

Node

hp hpe_insight_remote_supportRange<7.15.0.646

Source	Link
zerodayinitiative	www.zerodayinitiative.com/advisories/ZDI-CAN-25954/
support	www.support.hpe.com/hpesc/public/docDisplay
web	www.web.nvd.nist.gov/view/vuln/detail
zerodayinitiative	www.zerodayinitiative.com/advisories/ZDI-25-325/

25 Jun 2025 00:00Current

8.2High risk

Vulners AI Score8.2

CVSS 39.8

CVSS 210

EPSS0.01261

processAttachmentDataStream Insight Remote Support path traversal remote code execution restricted access directory