A week in security (January 5 – January 11)
Last week on Malwarebytes Labs: pcTattletale founder pleads guilty as US cracks down on stalkerware; Are we ready for ChatGPT Health?; CISA warns of active attacks on HPE OneView and legacy PowerPoint; Lego’s Smart Bricks explained: what they do, and what they don’t; Fake WinRAR downloads hide malwar...
CVE-2022-23699
A local authentication restriction bypass vulnerability was discovered in HPE OneView versions: Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView...
CVE-2022-23697
A remote cross-site scripting (XSS) vulnerability was discovered in HPE OneView versions: Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView...
CVE-2022-23700
A local unauthorized read access to files vulnerability was discovered in HPE OneView versions: Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView...
CVE-2022-23698
A remote unauthenticated disclosure of information vulnerability was discovered in HPE OneView versions: Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView...
CVE-2022-37935
HPE OneView for VMware vCenter, in certain circumstances, may disclose the “HPE OneView” Username and Password...
CVE-2019-11992
A security vulnerability in HPE OneView for VMware vCenter 9.5 could be exploited remotely to allow Cross-Site Scripting...
CVE-2022-37927
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Hewlett Packard Enterprise HPE OneView Global Dashboard (OVGD)...
CVE-2023-50274
HPE OneView may allow command injection with local privilege escalation...
CVE-2023-50275
HPE OneView may allow clusterService Authentication Bypass resulting in denial of service...
CISA warns of active attacks on HPE OneView and legacy PowerPoint
The US Cybersecurity and Infrastructure Security Agency (CISA) added both a newly discovered flaw and a much older one to its catalog of Known Exploited Vulnerabilities (KEV). The KEV catalog gives Federal Civilian Executive Branch (FCEB) agencies a list of vulnerabilities that are known to be exploite...
CISA Flags Microsoft Office and HPE OneView Bugs as Actively Exploited
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added two security flaws impacting Microsoft Office and Hewlett Packard Enterprise (HPE) OneView to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerabilities are listed bel...
HPE OneView RCE (CVE-2025-37164)
The remote HPE OneView appliance is affected by a remote code execution vulnerability. An unauthenticated, remote attacker can exploit this. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Exploit for Code Injection in Hpe Oneview
ExploitCVE-2025-37164 ! This Script is made for educationa...
VulnCheck KEV: CVE-2025-37164
A remote code execution issue exists in HPE OneView...
HPE OneView Unauthenticated Remote Code Execution
This Metasploit module exploits an unauthenticated remote code execution vulnerability against Hewlett Packard Enterprise (HPE) OneView. All versions below 11.00 are vulnerable so long as the vendor-supplied hotfix has not been applied; however, some VM product versions do not enable the vulnerable...
HPE OneView unauthenticated RCE
This module exploits an unauthenticated RCE vulnerability, CVE-2025-37164, against Hewlett Packard Enterprise (HPE) OneView. All versions below 11.00 are vulnerable so long as the vendor-supplied hotfix has not been applied; however, some VM product versions do not enable the vulnerable "ID Pools"...
Exploit for CVE-2025-37164
CVE-2025-37164 - HPE OneView Unauthenticated RCE PoC Proof-of...
HPE OneView id-pools command execution
Added: 12/19/2025. Background: HPE OneView is integrated IT infrastructure management software. Problem: A vulnerability in the id-pools feature allows remote attackers to execute arbitrary commands by sending a PUT request to the executeCommand API endpoint. Resolution: Apply the hotfix referenced in...
HPE OneView Flaw Rated CVSS 10.0 Allows Unauthenticated Remote Code Execution
Hewlett Packard Enterprise (HPE) has resolved a maximum-severity security flaw in OneView Software that, if successfully exploited, could result in remote code execution. The critical vulnerability, assigned the CVE identifier CVE-2025-37164, carries a CVSS score of 10.0. HPE OneView is an IT...