Cyber Posture

CVE-2025-37164

Critical · CISA KEV · Active Exploitation · Public PoC · RCE

Published: 16 December 2025
Modified: 08 January 2026
KEV Added: 07 January 2026
Patch: HPE security bulletin hpesbgn04985en_us
CVSS Score: 10.0 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
EPSS Score: 0.7528 (98.9th percentile)
Risk Priority: 85 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-37164 is a critical-severity code injection (CWE-94) vulnerability in HPE OneView with a CVSS v3.1 base score of 10.0 (Critical).

Operationally, exploitation maps to the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 1.1% of all CVEs by EPSS exploit likelihood, CISA has added it to the Known Exploited Vulnerabilities (KEV) catalog, and a public proof-of-concept is referenced.

The strongest mitigations identified in this analysis are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-10 (Information Input Validation), alongside applying the vendor patch.

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190). What defenders deploy: the NIST 800-53 controls listed below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) [AI-generated]

prevent

Timely patching of the code injection flaw in HPE OneView, as detailed in HPE security bulletin hpesbgn04985en_us, remediates CVE-2025-37164.

prevent / detect (RA-5, Vulnerability Monitoring and Scanning)

Vulnerability scanning identifies CVE-2025-37164 on HPE OneView systems, enabling risk-based prioritization and remediation given its presence in the CISA KEV catalog.

prevent (SI-10, Information Input Validation)

Validating information inputs prevents the CWE-94 code injection that enables unauthenticated remote code execution in HPE OneView. For a vendor appliance this control is realised by the vendor fix rather than by operator configuration, so until the patch is applied operators should restrict network reachability of the OneView management interface to trusted administrative networks.

MITRE ATT&CK Enterprise Techniques [AI-generated]

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

The vulnerability is a critical unauthenticated remote code execution flaw in HPE OneView, an infrastructure management application whose web interface is reachable over the network; exploiting it corresponds directly to exploitation of a public-facing application.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

A remote code execution issue exists in HPE OneView.

Deeper analysis [AI-generated]

CVE-2025-37164 is a remote code execution vulnerability in HPE OneView, stemming from a CWE-94 code injection flaw. Published on 16 December 2025, it carries the maximum CVSS v3.1 base score of 10.0 (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H), reflecting the potential for complete system compromise.

The flaw is exploitable remotely over the network by unauthenticated attackers, with low attack complexity and no user interaction. Successful exploitation yields arbitrary code execution on the affected HPE OneView instance, with high impact on confidentiality, integrity and availability. The changed scope (S:C) indicates that the impact can extend beyond the OneView component itself, which matters for a platform that manages other infrastructure.

HPE has issued security bulletin hpesbgn04985en_us, available at support.hpe.com. A Metasploit exploit module is referenced at github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/hpe_oneview_rce.rb. Consult the bulletin for fixed versions and mitigation steps.

The vulnerability is listed in the CISA Known Exploited Vulnerabilities catalog (added 07 January 2026), indicating real-world exploitation activity.

Details

CWE(s): CWE-94 (Code Injection)
KEV Date Added: 07 January 2026

Affected Products

HPE OneView, versions ≤ 10.20.00
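The RA-5 scanning control above comes down to checking each OneView appliance's version against the affected range listed here and ordering remediation by exposure. The following is an added example, not code from this page or from HPE: version strings are parsed numerically (a lexical comparison would rank 10.9 above 10.20), appliances at or below 10.20.00 are flagged, and KEV-listed instances reachable from untrusted networks are put first. The inventory is constructed sample data, and the page gives only the affected upper bound, so whether a version above 10.20.00 is actually fixed must be confirmed against HPE bulletin hpesbgn04985en_us.

```python
"""Inventory triage for the affected range the page lists for CVE-2025-37164
(HPE OneView <= 10.20.00). Added example; inventory data is constructed and
the fix version is not stated on the page (confirm against hpesbgn04985en_us)."""
import re
from typing import NamedTuple

AFFECTED_MAX = "10.20.00"   # from the page: HPE OneView <= 10.20.00

_VERSION_RE = re.compile(r"^\d+(\.\d+)*$")


def parse_version(text: str) -> tuple:
    """Turn '10.20.00' into (10, 20, 0) so versions compare numerically."""
    text = text.strip()
    if not _VERSION_RE.match(text):
        raise ValueError(f"unrecognised version string: {text!r}")
    parts = tuple(int(p) for p in text.split("."))
    if len(parts) < 3:                 # pad so '10.20' == '10.20.00'
        parts += (0,) * (3 - len(parts))
    return parts


def is_affected(version: str, affected_max: str = AFFECTED_MAX) -> bool:
    """True when the appliance version falls inside the page's affected range."""
    return parse_version(version) <= parse_version(affected_max)


class Appliance(NamedTuple):
    name: str
    version: str
    reachable_from_untrusted_net: bool   # T1190 exposure


# Constructed sample inventory, not a real environment. 10.30.00 is a
# hypothetical later release used only to show a version above the bound.
INVENTORY = [
    Appliance("oneview-dc1", "10.20.00", True),
    Appliance("oneview-dc2", "10.10.00", False),
    Appliance("oneview-lab", "10.30.00", False),
    Appliance("oneview-old", "9.00", True),
]


def triage(inventory: list) -> list:
    """Return (name, version, action) for affected appliances, with
    network-exposed ones first: on the KEV catalog, an exposed affected
    instance is the top remediation priority."""
    hits = [app for app in inventory if is_affected(app.version)]
    hits.sort(key=lambda app: not app.reachable_from_untrusted_net)  # stable sort
    return [
        (app.name, app.version,
         "patch now: KEV-listed and network-exposed"
         if app.reachable_from_untrusted_net
         else "patch in next maintenance window")
        for app in hits
    ]


if __name__ == "__main__":
    for name, version, action in triage(INVENTORY):
        print(f"{name:12} {version:9} {action}")
```

The regex rejects anything that is not purely numeric dotted notation, so a build tag or stray whitespace fails loudly instead of silently comparing as unaffected; a scanner that quietly skips unparseable versions is how KEV-listed hosts go unpatched.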

CVEs Like This One

CVE-2025-37105 (same vendor: HPE)
CVE-2026-1281 (shared CWE-94; both on KEV)
CVE-2026-1340 (shared CWE-94; both on KEV)
CVE-2025-6204 (shared CWE-94; both on KEV)
CVE-2025-49704 (shared CWE-94; both on KEV)
CVE-2025-23209 (shared CWE-94; both on KEV)
CVE-2025-54068 (shared CWE-94; both on KEV)
CVE-2026-34197 (shared CWE-94; both on KEV)
CVE-2025-24893 (shared CWE-94; both on KEV)
CVE-2026-20045 (shared CWE-94; both on KEV)
