⚠️ CISA Known Exploited Vulnerability
Active ThreatThis vulnerability is listed in CISA's Known Exploited Vulnerabilities (KEV) catalog. Active exploitation has been observed in the wild. This poses significant risk to federal enterprises and should be prioritized for immediate patching.
CVE-2025-37164
Critical CISA KEV
Low
Medium
High
Critical
10.0
CVSS Score
Published: Dec 16, 2025
Last Modified: Jan 08, 2026
Vulnerability Description
A remote code execution issue exists in HPE OneView.
CVSS Metrics
Common Vulnerability Scoring System
Vector String:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Attack Vector
N
Attack Complexity
L
Privileges Required
N
User Interaction
N
Scope
C
Confidentiality
H
Integrity
H
Availability
H
Known Affected Software
2 configuration(s) from 1 vendor(s)
oneview
Version:
8.60.00
CPE:
cpe:2.3:a:hpe:oneview:8.60.00:*:*:*:*:*:*:*
oneview
Version:
8.30.01
CPE:
cpe:2.3:a:hpe:oneview:8.30.01:*:*:*:*:*:*:*
This vulnerability affects 2 software configuration(s). Ensure you patch all affected systems.
References & Resources
-
https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbgn04985en_us&docLocale=en_USsecurity-alert@hpe.com Vendor Advisory
-
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/hpe_oneview_rce.rb134c704f-9b21-4f2e-91b3-4a467353bcc0 Exploit
-
https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbgn04985en_us&docLocale=en_US#vulnerability-summary-1134c704f-9b21-4f2e-91b3-4a467353bcc0 Vendor Advisory
-
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-37164134c704f-9b21-4f2e-91b3-4a467353bcc0 US Government Resource
Severity Details
10.0
out of 10.0
Critical
CISA KEV Status
Active Exploitation
Listed in CISA's Known Exploited Vulnerabilities catalog
Key Information
- Published Date
- December 16, 2025
