A maximum-severity security vulnerability in OneView software has been fixed by HPE. The vulnerability could lead to remote code execution if it is successfully exploited. The critical vulnerability has a CVSS score of 10.0 and is assigned the CVE identifier CVE-2025-37164.

HPE OneView is an IT infrastructure management program that uses a central dashboard interface to control all systems and streamline IT operations. All software versions before version 11.00 are impacted, and versions 5.20 through 10.20 can be fixed with a hotfix.

It is important to note that the hotfix needs to be reinstalled following any HPE Synergy Composer reimaging procedures or after upgrading from version 6.60 or later to version 7.00.

Earlier in June, the company also released updates to address eight vulnerabilities in its StoreOnce data backup and deduplication solution.