ewlett Packard Enterprise (HPE) this week announced patches for a critical-severity remote code execution vulnerability in its OneView IT infrastructure management software.
Tracked as CVE-2025-37164 (CVSS score of 10), the security defect can be exploited without authentication, the company notes in a barebones advisory.
HPE makes no mention of the flaw being exploited in the wild, but urges customers to update to a fixed release as soon as possible.
https://www.securityweek.com/hpe-patche ... -software/