Home > Security Alerts > HPE tells customers to patch fast as OneView RCE bug scores a perfect 10

HPE tells customers to patch fast as OneView RCE bug scores a perfect 10

December 21, 2025 Sunday

A maximum-severity bug CVE-2025-37164 rated a max 10.0 on the CVSS scale, affects HPE OneView versions 5.20 through 10.20 and allows unauthenticated remote code execution.

Latest News

LabArchives Laboratory Notebook Cloud Platform available to HKU research groups 

Your opinion matters, share your thoughts by completing the survey about HKU communication channels

Mobile Mail App EAS version below 16.1 will no longer support after March 2026

Update on Staff UID Change Policy

Facial Identity (Face ID) Access for HKU Main Library and Chi Wah Learning Commons

Popular Services:

uPrint
Study Rooms in Learning Commons
Software Download
HKU Virtual Private Network (HKUVPN)
Application

HPE tells customers to patch fast as OneView RCE bug scores a perfect 10

About ITS

Alerts

Service Request & Support