354 matches found
HPE OneView - Remote Code Execution
HPE OneView contains a remote code execution vulnerability, letting remote attackers execute arbitrary code. id: CVE-2025-37164 info: name: HPE OneView - Remote Code Execution author: DhiyaneshDk,garciaizcoa severity: critical description: | HPE OneView contains a remote code execution...
A week in security (January 5 – January 11)
Last week on Malwarebytes Labs: pcTattletale founder pleads guilty as US cracks down on stalkerware; Are we ready for ChatGPT Health?; CISA warns of active attacks on HPE OneView and legacy PowerPoint; Lego’s Smart Bricks explained: what they do, and what they don’t; Fake WinRAR downloads hide malwar...
CISA Urges Emergency Patching for Actively Exploited HPE OneView Flaw
CISA adds a critical HPE OneView flaw CVE-2025-37164 to its KEV catalogue with a Jan 28 deadline. Learn how this 10.0 RCE bug puts server infrastructure at risk...
CVE-2022-23699
A local authentication restriction bypass vulnerability was discovered in HPE OneView versions: Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView...
CVE-2022-23697
A remote cross-site scripting (XSS) vulnerability was discovered in HPE OneView versions: Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView...
CVE-2022-23700
A local unauthorized read access to files vulnerability was discovered in HPE OneView versions: Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView...
CVE-2022-23698
A remote unauthenticated disclosure of information vulnerability was discovered in HPE OneView versions: Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView...
CVE-2022-37935
HPE OneView for VMware vCenter, in certain circumstances, may disclose the “HPE OneView” Username and Password...
CVE-2019-11992
A security vulnerability in HPE OneView for VMware vCenter 9.5 could be exploited remotely to allow Cross-Site Scripting...
CVE-2020-7198
A remote escalation of privilege is possible for a malicious user who has a OneView account in OneView and Synergy Composer. HPE has provided updates to OneView and Synergy Composer: Update to version 5.5 of OneView, Composer, or Composer2...
CVE-2022-37927
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Hewlett Packard Enterprise HPE OneView Global Dashboard (OVGD)...
CVE-2023-50274
HPE OneView may allow command injection with local privilege escalation...
CVE-2023-50275
HPE OneView may allow clusterService Authentication Bypass resulting in denial of service...
CISA warns of active attacks on HPE OneView and legacy PowerPoint
The US Cybersecurity and Infrastructure Security Agency (CISA) added both a newly discovered flaw and a much older one to its catalog of Known Exploited Vulnerabilities (KEV). The KEV catalog gives Federal Civilian Executive Branch (FCEB) agencies a list of vulnerabilities that are known to be exploite...
CISA Flags Microsoft Office and HPE OneView Bugs as Actively Exploited
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added two security flaws impacting Microsoft Office and Hewlett Packard Enterprise (HPE) OneView to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerabilities are listed bel...
CISA Adds Two Known Exploited Vulnerabilities to Catalog
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2009-0556: Microsoft Office PowerPoint Code Injection Vulnerability. CVE-2025-37164: HPE OneView Code Injection Vulnerability. These...
HPE OneView RCE (CVE-2025-37164)
The remote HPE OneView appliance is affected by a remote code execution vulnerability. An unauthenticated, remote attacker can exploit this. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Hewlett Packard Enterprise (HPE) OneView Code Injection Vulnerability
Hewlett Packard Enterprise (HPE) OneView contains a code injection vulnerability that allows a remote unauthenticated user to perform remote code execution...
Exploit for Code Injection in HPE OneView
ExploitCVE-2025-37164 ! This Script is made for educationa...
Vulnerability fixed in HPE OneView Software
HPE has fixed a vulnerability in the HPE OneView Software. The vulnerability is in the way the OneView Software handles remote requests. When HPE OneView Software is accessible over the Internet, unauthenticated remote users can execute code. This could allow attackers to gain control of affected...