What is CVE-2025-37164?
CVE-2025-37164 is a critical unauthenticated remote code execution (RCE) vulnerability affecting HPE OneView, an enterprise infrastructure management platform used to control servers, storage, and firmware at scale. The issue is caused by improper input handling in a network-accessible API endpoint, allowing a remote attacker to execute arbitrary code without authentication.
From an attacker's perspective, this vulnerability provides direct access to the OneView management plane. Because OneView typically operates with elevated privileges and has deep integration into underlying infrastructure, successful exploitation can lead to full control over managed systems, including the ability to manipulate hardware configurations, deploy malicious firmware, or pivot further into internal environments.
What assets are affected by CVE-2025-37164?
HPE OneView instances running vulnerable versions prior to the fixed release are affected, including both physical appliance deployments and virtual appliances. Affected versions include releases up to and including 10.20.
HPE OneView is often deployed as a centralized management system within enterprise and data center environments. While it is frequently assumed to be internally accessible only, OneView instances are sometimes exposed externally due to misconfigurations, cloud deployments, or inherited network access rules. Externally reachable or poorly segmented OneView systems represent high-value targets due to their broad control over critical infrastructure assets.
Are fixes available?
Yes. HPE has released patches and updated versions of OneView that address CVE-2025-37164. Organizations are advised to upgrade to a fixed release, such as HPE OneView 11.0 or later, or apply the appropriate vendor-provided hotfix for supported versions.
HPE has not documented any effective configuration-based mitigations or workarounds. Applying the official patch or upgrading to a non-vulnerable version is the only reliable remediation.
Are there any other recommended actions to take?
In addition to applying patches, organizations should review where HPE OneView is deployed and how it is exposed. All OneView instances should be treated as highly sensitive management assets and restricted to trusted administrative networks only.
Security teams should verify that OneView is not accessible from the internet or untrusted internal networks, validate segmentation controls, and review logs for unexpected access or execution activity. Given the privilege level of OneView, organizations should also assess downstream impact, including whether managed systems could have been altered prior to remediation.
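One way to apply the version and exposure guidance above to an appliance inventory, as an added example that is not code from CyCognito or HPE. The inventory records, field names, version-string format and trusted admin range are constructed assumptions; only the 10.20 and 11.0 bounds come from this page.

```python
import ipaddress
import re

# Version bounds as stated in the advisory text.
LAST_AFFECTED = (10, 20)   # "up to and including 10.20"
FIRST_FIXED = (11, 0)      # "HPE OneView 11.0 or later"
# Assumption: the ranges your organization treats as trusted administrative networks.
TRUSTED_ADMIN_NETS = [ipaddress.ip_network("10.50.0.0/24")]
# Constructed sample inventory; allowed_sources = CIDRs firewall rules let reach the appliance.
INVENTORY = [
    {"name": "ov-dc1", "version": "10.20.00-0412345", "hotfix": False, "allowed_sources": ["0.0.0.0/0"]},
    {"name": "ov-dc2", "version": "9.10.00", "hotfix": True, "allowed_sources": ["10.50.0.0/24"]},
    {"name": "ov-lab", "version": "11.00.00", "hotfix": False, "allowed_sources": ["10.50.0.0/24", "192.168.0.0/16"]},
    {"name": "ov-edge", "version": "10.20", "hotfix": False, "allowed_sources": ["10.50.0.16/28"]},
]

def parse_version(text):
    """Return (major, minor) from a string such as '10.20.00-0412345', or None."""
    m = re.match(r"\s*(\d+)\.(\d+)", text or "")
    return (int(m.group(1)), int(m.group(2))) if m else None

def patch_status(version, hotfix):
    v = parse_version(version)
    if v is None:
        return "unknown"
    if v >= FIRST_FIXED:
        return "fixed"
    if hotfix:
        return "hotfixed"
    return "vulnerable" if v <= LAST_AFFECTED else "unconfirmed"  # gap between bounds: ask vendor

def untrusted_sources(allowed_sources):
    """CIDRs permitted to reach the appliance that are not inside a trusted admin network."""
    nets = [ipaddress.ip_network(c, strict=False) for c in allowed_sources]
    return [str(n) for n in nets
            if not any(n.version == t.version and n.subnet_of(t) for t in TRUSTED_ADMIN_NETS)]

def triage(inventory):
    rows = []
    for item in inventory:
        status = patch_status(item["version"], item["hotfix"])
        exposed = untrusted_sources(item["allowed_sources"])
        unpatched = status not in ("fixed", "hotfixed")
        # P1: unpatched and reachable from untrusted networks; P4: patched and restricted.
        priority = 1 if unpatched and exposed else 2 if unpatched else 3 if exposed else 4
        rows.append((priority, item["name"], status, exposed))
    return sorted(rows)

if __name__ == "__main__":
    for priority, name, status, exposed in triage(INVENTORY):
        print(f"P{priority} {name:8} {status:11} untrusted sources: {exposed or 'none'}")
```

Instances reported as `unknown` or `unconfirmed` are ranked with the unpatched ones so they are checked against vendor guidance rather than assumed safe.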
Is CVE-2025-37164 being actively exploited?
Yes. CVE-2025-37164 has been reported as actively exploited in the wild. Public proof-of-concept code is available, lowering the barrier to exploitation and increasing the likelihood of widespread scanning and opportunistic attacks.
Given the ease of exploitation and the value of OneView as a target, organizations should assume that any exposed or unpatched instance is at significant risk and prioritize remediation accordingly.
How is CyCognito helping customers identify assets vulnerable to CVE-2025-37164?
CyCognito published an Emerging Threat Advisory for CVE-2025-37164 inside the CyCognito platform on January 12, 2026, and is actively researching enhanced detection capabilities for this vulnerability. The platform already surfaces externally exposed assets tied to the affected technology stack, helping customers quickly understand which systems may be at risk. Security teams are advised to review exposed systems identified by the platform, even if vulnerable versions are not yet confirmed. For the latest guidance, reference CyCognito’s Emerging Threats page within the platform.
How can CyCognito help your organization?
CyCognito provides continuous visibility into all externally accessible assets, including unknown or unmanaged systems that may be running vulnerable technologies like HPE OneView. The platform helps security teams prioritize remediation based on real-world exploitability, business impact, and attacker-accessible paths rather than theoretical risk alone.
CyCognito also enables organizations to verify that remediation efforts are effective, continuously monitor for re-exposure, and identify new assets or configuration changes that could reintroduce risk over time. To learn more, contact CyCognito to schedule a demo.