CISA Warns: HP OneView Code Injection Act Adds Enterprise

The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical code injection flaw, identified as CVE-2025-37164 and impacting Hewlett Packard Enterprise (HPE) OneView, to its Known Exploited Vulnerabilities (KEV) catalog.

The vulnerability has been confirmed to be actively exploited by threat actors, triggering urgent remediation timelines for federal agencies and critical infrastructure operators.

CVE-2025-37164 represents a severe security flaw in HP Enterprise OneView, a widely deployed infrastructure management platform used across data centers globally.

The vulnerability allows remote unauthenticated attackers to execute arbitrary code on affected systems without requiring authentication credentials.

OneView Code Injection-vulnerability”>HP Enterprise OneView Code Injection Vulnerability

This unauthenticated attack surface dramatically increases the risk exposure, as threat actors can compromise systems directly from the network perimeter.

The vulnerability stems from improper input validation in OneView’s code processing functions, classified under CWE-94 (Code Injection).

The weakness enables attackers to craft malicious payloads that bypass security controls and gain unrestricted command execution capabilities on the host system.

CISA has mandated specific remediation steps for all organizations utilizing HP Enterprise OneView:

Primary Mitigation: Apply all security patches and vendor-issued updates immediately. HP has released patches to address this vulnerability; they must be deployed urgently.

Compliance Requirement: Federal agencies must follow BOD 22-01 guidance for cloud services and apply equivalent controls to on-premises OneView deployments within the 21-day remediation window.

Alternative Action: Organizations unable to patch by the deadline should consider discontinuing OneView services or implementing compensating controls, pending the vendor’s remediation availability.

While specific ransomware campaign details remain under investigation, CISA’s placement on the KEV catalog confirms active threat intelligence.

Organizations should assume exploitation attempts are occurring and prioritize patching accordingly.

Organizations should monitor CISA’s official advisory updates and HP security bulletins for comprehensive remediation guidance and detection indicators.

Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.