HPE tells customers to patch OneView immediately as top-level security flaw spotted

• HPE patches critical RCE flaw (CVE‑2025‑37164) in OneView, severity 10/10
• Exploitation could allow attackers to reconfigure servers, deploy malware, or create persistent backdoors
• Users must upgrade to version 11.0 or apply emergency hotfix immediately

HPE has patched a maximum-severity vulnerability in its OneView platform which could cause quite several problems to enterprises.

HPE OneView is a centralized infrastructure management platform that lets administrators deploy, monitor, and manage HPE servers, storage, and networking through a single software-defined interface. The product is critical in an enterprise environment because it has centralized control over server hardware, firmware, storage, and network configurations.

If a cybercriminal gains access, they could reconfigure servers, deploy malicious firmware, disrupt workloads, or create persistent backdoors at the infrastructure level. This could lead to widespread outages, data theft, and long-term compromise that is difficult to detect, and since OneView operates below the operating ...