Code Defence Cyber security

CISA Alert: Maximum-Severity HPE OneView RCE Added to KEV Catalog

Summary: CISA has added a maximum-severity vulnerability in HPE OneView (CVE-2025-37164, CVSS 10.0) to its Known Exploited Vulnerabilities (KEV) catalog. The flaw allows unauthenticated, remote attackers to execute arbitrary code on the management platform, potentially compromising entire data center infrastructures.

Business Impact: HPE OneView is the “brain” for many enterprise data centers. A compromise grants an attacker control over servers, storage, and networking. For your clients in Bahrain, this represents a “crown jewel” risk that could lead to a complete operational blackout.

Why It Happened: A code injection flaw in the management interface was weaponized by threat actors shortly after the technical details were leaked. Legacy infrastructure management remains a primary target for initial access brokers.

Recommended Executive Action: Mandate immediate patching of all HPE OneView instances to v10.20 or higher. If patching cannot happen right away, isolate the management network from the internet immediately.

Hashtags: #HPE #CISA #Vulnerability #DataCenter #KEV #CyberSecurity
