Critical HPE OneView Vulnerability Exposes Enterprises to Remote Code Execution
A critical security flaw has been identified in Hewlett Packard Enterprise’s (HPE) OneView platform, a widely used IT infrastructure management tool. This vulnerability, designated as CVE-2025-37164, has been assigned the highest possible severity rating with a CVSS score of 10.0, indicating an immediate and severe risk to enterprise environments.
Understanding the Vulnerability
The core of this issue resides in the ID-Pools REST API endpoint of HPE OneView. Specifically, the vulnerability is linked to the ‘executeCommand’ parameter, which, due to an oversight, does not require authentication. This lapse allows attackers to send crafted JSON commands, such as initiating a reverse shell, which the server executes with elevated privileges.
Security researchers have released a Proof-of-Concept (PoC) exploit for this vulnerability, and a corresponding Metasploit module is now publicly available. This development significantly lowers the barrier for potential attackers to exploit the flaw, increasing the urgency for organizations to address the issue promptly.
Affected Versions and Immediate Actions
HPE has confirmed that all versions of OneView prior to 11.0 are susceptible to this vulnerability. Notably, the ‘id-pools’ feature, which is central to this flaw, is primarily active in HPE OneView for HPE Synergy and specific versions of HPE OneView for VMs (Branch 6.x).
In response, HPE has released a hotfix that addresses the vulnerability by blocking access to the compromised URL path. Given the availability of public exploit code and the high-level privileges associated with OneView management consoles, it is imperative for administrators to apply this patch without delay.
Recommendations for Administrators
1. Verify OneView Version: Determine the current version of your HPE OneView installation.
2. Apply the Hotfix: If running a version prior to 11.0, implement the vendor-supplied hotfix immediately to mitigate the risk.
3. Monitor Systems: Continuously monitor your infrastructure for any signs of unauthorized access or unusual activity.
4. Review Security Protocols: Assess and enhance your organization’s security measures to prevent similar vulnerabilities in the future.
By taking these steps, organizations can protect their physical and virtual infrastructures from potential exploitation stemming from this critical vulnerability.
