CVE-2025-37101

HIGH

HPE OneView for VMware vCenter - Privilege Escalation

Title source: llm

Description

A potential security vulnerability has been identified in HPE OneView for VMware vCenter (OV4VC). This vulnerability could be exploited allowing an attacker with read only privilege to cause Vertical Privilege Escalation (operator can perform admin actions).

References (1)

Core 1

Core References

Vendor Advisory

https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbgn04876en_us&docLocale=en_US

Scores

CVSS v3 8.7

EPSS 0.0026

EPSS Percentile 16.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-269

Status published

Products (1)

Hewlett Packard Enterprise/HPE OneView for VMware vCenter Prior to v11.7 - 11.7

Published Jun 26, 2025

Tracked Since Feb 18, 2026