The Register on MSN

CISA flags actively exploited Office relic alongside fresh HPE flaw

Max-severity OneView hole joins a PowerPoint bug that should've been retired years ago CISA has added a pair of security ...
CSO Online

CISA flags max-severity bug in HPE OneView amid active exploitation

The flaw allows remote code execution via a public REST API, giving attackers a direct path to compromise enterprise ...
The Hacker News

CISA Flags Microsoft Office and HPE OneView Bugs as Actively Exploited

CISA adds two vulnerabilities affecting Microsoft Office and HPE OneView to its KEV list, urging agencies to patch by January ...
TechRadar

HPE tells customers to patch OneView immediately as top-level security flaw spotted

HPE patches critical RCE flaw (CVE‑2025‑37164) in OneView, severity 10/10 Exploitation could allow attackers to reconfigure servers, deploy malware, or create persistent backdoors Users must upgrade ...
heise online

HPE OneView: Critical vulnerability allows code smuggling from the network

A critical security vulnerability has been discovered in HPE OneView, allowing attackers to inject and execute malicious code. As this is possible from the internet without prior authentication, the ...