HPE OneView Critical Vulnerability - 20260109001

Overview

A critical vulnerability has been identified in Hewlett Packard Enterprise (HPE) OneView Software. Successful exploitation could allow a remote unauthenticated user to perform remote code execution.

What is vulnerable?

Product(s) Affected	Version(s)	CVE	CVSS	Severity
HPE OneView	All versions through v10.20	CVE-2025-37164	10	Critical

What has been observed?

One or more of the above vulnerabilities have been added to the CISA Known Exploited Vulnerability catalog. The WASOC has not received any reports of exploitation of this vulnerability on Western Australian Government networks at the time of writing.

Recommendation

The WASOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframes (refer Patch Management):

• HPE: https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbgn04985en_us&docLocale=en_US#vulnerability-summary-1

Additional References

• CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-37164