{"uuid": "76276895-4c7b-41c0-849d-4ad258e7aad3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-37164", "type": "seen", "source": "https://t.me/iiLinux/3164", "content": "CVE-2025-37164: Unauthenticated RCE in HPE OneView.\n\nUnauthenticated RCE (10.0 CVSS) vulnerability, in Hewlett Packard Enterprise (HPE) OneView via an unauthenticated REST endpoint called executeCommand. All versions below 11.00 are vulnerable (so long as the vendor supplied hotfix has not been applied), however some VM product versions do not enable the vulnerable \"ID Pools\" endpoint, and are not exploitable.\n\nPOC : https://github.com/g0vguy/CVE-2025-37164-PoC", "creation_timestamp": "2026-07-09T03:00:04.260871Z"}