CVE-2025-37164 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	10 CRITICAL	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
hpe	CNA	10 CRITICAL	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 98%

Common Weakness Enumeration

CWE-94 - Improper Control of Generation of Code ('Code Injection')
The software constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

Vulnerability Media Exposure

[GERMAN] HPE OneView: Kritische Lücke erlaubt Codeschmuggel aus dem Netz
In HPEs OneView können bösartige Akteure aus dem Netz ohne Authentifizierung Schadcode einschleusen. Ein Update steht bereit.
Published: 2025-12-17T09:58:00+00:00
[GERMAN] HPE OneView: Schwachstelle ermöglicht Codeausführung
Ein entfernter, anonymer Angreifer kann eine Schwachstelle in HPE OneView ausnutzen, um beliebigen Programmcode auszuführen.
Published: 2025-12-16T23:00:00+00:00
[ENGLISH] HPE OneView Flaw Rated CVSS 10.0 Allows Unauthenticated Remote Code Execution
Hewlett Packard Enterprise (HPE) has resolved a maximum-severity security flaw in OneView Software that, if successfully exploited, could result in remote code execution. The critical vulnerability, assigned the CVE identifier CVE-2025-37164, carries a CVSS score of 10.0. HPE OneView is an IT infrastructure management software that streamlines IT operations and controls all systems via a
Published: 2025-12-18T20:09:00+05:30
[ENGLISH] HPE tells customers to patch fast as OneView RCE bug scores a perfect 10
Maximum-severity vuln lets unauthenticated attackers execute code on trusted infra management platform Hewlett Packard Enterprise has told customers to drop whatever they're doing and patch OneView after admitting a maximum-severity bug could let attackers run code on the management platform without so much as a login prompt.…
Published: 2025-12-19T13:03:05+00:00
[ENGLISH] ⚡ Weekly Recap: Firewall Exploits, AI Data Theft, Android Hacks, APT Attacks, Insider Leaks & More
Cyber threats last week showed how attackers no longer need big hacks to cause big damage. They’re going after the everyday tools we trust most — firewalls, browser add-ons, and even smart TVs — turning small cracks into serious breaches. The real danger now isn’t just one major attack, but hundreds of quiet ones using the software and devices already inside our networks. Each trusted system can
Published: 2025-12-22T17:30:00+05:30

References

https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbgn4985en_us&docLocale=en_US

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/hpe_oneview_rce.rb

https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbgn04985en_us&docLocale=en_US#vulnerability-summary-1