CISA Urges Emergency Patching for Actively Exploited HPE OneView Flaw

CISA adds a critical HPE OneView flaw (CVE-2025-37164) to its KEV catalogue with a Jan 28 deadline. Learn how this 10.0 RCE bug puts server infrastructure at risk.

If your office uses Hewlett Packard Enterprise (HPE) OneView to manage its servers and networking, you need to check your software version immediately. A major security flaw has been discovered that enables hackers to take control of systems without requiring a login or password.

The situation is serious enough that the US government has stepped in, giving agencies a strict deadline to update their systems before the end of the month. It has officially added this issue to its Known Exploited Vulnerabilities (KEV) catalogue. As we know it, when CISA puts a flaw on this list, it is a signal for everyone to act immediately.

The Problem: An Unlocked Door

The flaw was discovered and reported to HPE by Vietnamese security ...