VulnCheck KEV: CVE-2025-37164

A remote code execution issue exists in HPE OneView...

📄 HPE OneView Unauthenticated Remote Code Execution

This Metasploit module exploits an unauthenticated remote code execution vulnerability against Hewlett Packard Enterprise HPE OneView. All versions below 11.00 are vulnerable so long as the vendor supplied hotfix has not been applied, however some VM product versions do not enable the vulnerable...

HPE OneView unauthenticated RCE

This module exploits an unauthenticated RCE vulnerability, CVE-2025-37164, against Hewlett Packard Enterprise HPE OneView. All versions below 11.00 are vulnerable so long as the vendor supplied hotfix has not been applied, however some VM product versions do not enable the vulnerable "ID Pools"...

Exploit for CVE-2025-37164

CVE-2025-37164 - HPE OneView Unauthenticated RCE PoC Proof-of...

HPE OneView id-pools command execution

Added: 12/19/2025 Background HPE OneView is integrated IT infrastructure management software. Problem A vulnerability in the id-pools feature allow remote attackers to execute arbitrary commands by sending a PUT request to the executeCommand API endpoint. Resolution Apply the hotfix referenced in...

CVE-2025-37164: Critical unauthenticated RCE affecting Hewlett Packard Enterprise OneView

Overview On December 17, 2025, Hewlett Packard Enterprise HPE published an advisory for CVE-2025-37164, a CVSS 10.0 vulnerability in HPE OneView. The vulnerability, which was reported to HPE by security researcher Nguyen Quoc Khanh, facilitates unauthenticated remote code execution RCE on version...

HPE OneView Flaw Rated CVSS 10.0 Allows Unauthenticated Remote Code Execution

Hewlett Packard Enterprise HPE has resolved a maximum-severity security flaw in OneView Software that, if successfully exploited, could result in remote code execution. The critical vulnerability, assigned the CVE identifier CVE-2025-37164 , carries a CVSS score of 10.0. HPE OneView is an IT...

CVE-2025-37164

A remote code execution issue exists in HPE OneView...

CVE-2025-37164

A remote code execution issue exists in HPE OneView...

CVE-2025-37164

A remote code execution issue exists in HPE OneView...

CVE-2025-37164

A remote code execution issue exists in HPE OneView...

EUVD-2025-203803

A remote code execution issue exists in HPE OneView...

CVE-2025-37164

A remote code execution issue exists in HPE OneView...

CVE-2025-37164

CVE-2025-37164 is a remote unauthenticated remote code execution vulnerability in HPE OneView . The flaw resides in the vulnerable PUT /rest/id-pools/executeCommand endpoint, which passes user-controlled input to Runtime.exec(), enabling code execution. Affects versions prior to 11.0; a patch upg...

HPE OneView 安全漏洞

HPE OneView is an integrated IT infrastructure management software from HPE, USA. A security vulnerability exists in HPE OneView that stems from vulnerability to remote code execution attacks...

PT-2025-51738

Name of the Vulnerable Software and Affected Versions HPE OneView versions prior to 11.00 Description HPE OneView contains a remote code execution issue that allows a remote unauthenticated user to execute arbitrary code. This vulnerability, tracked as CVE-2025-37164, has a CVSS score of 10.0 and...

EUVD-2014-2634

Malware in sbrugna...

EUVD-2019-3648

Malware in sbrugna...

EUVD-2020-28332

Malware in sbrugna...

EUVD-2021-15856

Malware in sbrugna...