CVE-2025-37164

CRITICAL KEV NUCLEI

HPE OneView unauthenticated RCE

Title source: metasploit

Description

A remote code execution issue exists in HPE OneView.

Exploits (5)

nomisec WORKING POC 6 stars

by g0vguy · remote

https://github.com/g0vguy/CVE-2025-37164-PoC

View Code ZIP pw:eip

github WORKING POC 2 stars

by adminlove520 · pythonpoc

https://github.com/adminlove520/CVE-Poc_All_in_One/tree/main/2025/CVE-2025-37164

View Code ZIP pw:eip

nomisec SCANNER 2 stars

by rxerium · poc

https://github.com/rxerium/CVE-2025-37164

View Code ZIP pw:eip

nomisec WORKING POC 1 stars

by LACHHAB-Anas · remote

https://github.com/LACHHAB-Anas/Exploit_CVE-2025-37164

View Code ZIP pw:eip

metasploit WORKING POC EXCELLENT

by Nguyen Quoc Khanh, remmons-r7, sfewer-r7 · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/hpe_oneview_rce.rb

View Code ZIP pw:eip

Nuclei Templates (1)

HPE OneView - Remote Code Execution

CRITICALVERIFIEDby DhiyaneshDk,garciaizcoa

Shodan: html:"HPE" html:"OneView"

References (4)

[Vendor Advisory] https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbgn04985en_us&docLocale=en_US

[Exploit] https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/hpe_oneview_rce.rb

[Vendor Advisory] https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbgn04985en_us&docLocale=en_US#vulnerability-summary-1

[US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-37164

Scores

CVSS v3 10.0

EPSS 0.8395

EPSS Percentile 99.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Details

CISA KEV 2026-01-07

VulnCheck KEV 2025-12-24

ENISA EUVD EUVD-2025-203803

CWE

CWE-94

Status published

Products (1)

hpe/oneview < 10.20.00

Published Dec 16, 2025

KEV Added Jan 07, 2026

Tracked Since Feb 18, 2026