H-ISAC TLP White Threat Bulletin: Active Exploitation of Critical HPE OneView RCE Flaw (CVE-2025-37164)

A maximum-severity vulnerability in HPE OneView, tracked as CVE-2025-37164, is being actively exploited in the wild.

This unauthenticated remote code execution (RCE) flaw carries a CVSS score of 10.0 and allows attackers to gain full control of data center infrastructure management systems. Organizations are urged to prioritize the immediate application of available security updates or hotfixes to mitigate the risk of compromise.

Health-ISAC provides this information to increase situational awareness and encourage organizations to assess their level of risk from this vulnerability.

View the detailed report below.

For help with Cybersecurity and Risk Advisory Services exclusively for AHA members, contact:

John Riggi

National Advisor for Cybersecurity and Risk, AHA

jriggi@aha.org

(O) +1 202 626 2272