🔴 CVE-2025-37164

CVE-2025-37164 is a critical unauthenticated remote code execution vulnerability in HPE OneView with the maximum CVSS score of 10.0. CISA has added it to its KEV catalog due to active exploitation in the wild, and a Metasploit module exists for exploitation.

Risk Level: HIGH_RISK

CVSS Score: 10.0

Attack Vector: NETWORK

ATT&CK Tactic: Initial Access

ATT&CK Technique: T1190 — Exploit Public-Facing Application

Deployment Risk: HIGH

Ransomware: No

📋 Vulnerability Details

Data Source: CIRCL

Confidence: HIGH

Exploitation Method: DIRECT_NETWORK

CVE Published: 2025-12-16

Added to CISA KEV: 2026-01-07 (22 days between CVE publication and KEV addition)

🎯 Recommendations:

🔍 Web Intelligence (Kagi · 2026-01-07)

Here's what is known about the CVE-2025-37164 vulnerability:

General Information:
  • CVE-2025-37164 is a remote code execution (RCE) vulnerability that exists in HPE OneView [1].
  • All versions below 11.00 are vulnerable if the vendor-supplied hotfix has not been applied [1].
Exploitation Details:
  • The vulnerability can be exploited to achieve unauthenticated RCE against Hewlett Packard Enterprise (HPE) OneView [1].
CISA Status:
  • CISA has added CVE-2025-37164 to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation [3][4].
  • CISA maintains the KEV catalog as an authoritative source of vulnerabilities exploited in the wild [2].
  • Organizations should use the KEV catalog to inform their vulnerability management prioritization framework [2].
Affected Applications/Services:
  • HPE OneView is affected [1].
Attack Vectors/Exploitation Methods:
  • The vulnerability allows for unauthenticated remote code execution [1].
Internet-Facing Applications:
  • While not explicitly stated, the nature of a remote code execution vulnerability in HPE OneView means it could affect internet-facing services if the OneView instance is exposed.
Targeted Attacks:
  • The provided information does not specifically confirm if CVE-2025-37164 has been used in targeted attacks.
Technical Details/Internet Exploitability:
  • The vulnerability allows unauthenticated RCE, indicating it may be exploitable over a network without requiring prior authentication [1].

Sources

  1. CVE-2025-37164 : A remote code execution issue exists in HPE OneView.

    CVE-2025-37164 : A remote code execution issue exists in HPE OneView. This module exploits an unauthenticated RCE vulnerability, CVE-2025-37164, against Hewlett Packard Enterprise (HPE) OneView. All versions below 11.00 are vulnerable (so long as the vendor-supplied hotfix has not been applied), howe…

  2. Known Exploited Vulnerabilities Catalog

    For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catal…

  3. CISA Adds One Known Exploited Vulnerability to Catalog

    CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.

  4. CISA Adds One Vulnerability to the KEV Catalog

    CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.