Summary: CISA has added a maximum-severity vulnerability in HPE OneView to its Known Exploited Vulnerabilities (KEV) catalog. The flaw, rated CVSS 10.0, allows unauthenticated remote code execution, and attackers are currently using it to move laterally within enterprise data centers.
Business Impact: Critical. OneView manages entire server infrastructures. A compromise here allows an attacker to seize control of bare-metal servers, storage, and networking across your entire hybrid cloud environment.
Why It Happened: Advanced persistent threat (APT) groups have weaponized this code injection flaw to target high-value government and corporate infrastructure where the 2025 holiday patches have not yet been applied.
Recommended Executive Action: Direct your infrastructure team to patch HPE OneView immediately. If patching is not possible tonight, isolate the management interface (VLAN) from the rest of the production network.
