HPE OneView id-pools command execution

Added: 12/19/2025

Background

HPE OneView is integrated IT infrastructure management software.

Problem

A vulnerability in the id-pools feature allows remote attackers to execute arbitrary commands by sending a PUT request to the executeCommand API endpoint.

Resolution

Apply the hotfix referenced in hpesbgn04985en_us.
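
To check whether the endpoint was requested before the hotfix was applied, the following added example (not from the advisory or from HPE) scans web access logs for PUT requests whose path names both id-pools and executeCommand. The combined log format, the sample lines, the placeholder path prefix and the function names are assumptions; this page does not give the full URL path, so the match uses only the two names it does give.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Assumed input: combined-log-format lines from a proxy in front of the appliance.
LINE_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def _decode(target, rounds=3):
    """Percent-decode repeatedly so encoded or double-encoded paths still match."""
    for _ in range(rounds):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target.lower()

def find_executecommand_puts(lines):
    """Return {source: [(timestamp, status, raw_target), ...]} for matching requests."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "PUT":
            continue  # unparsable line, or not the method the advisory describes
        path = _decode(m["target"]).split("?", 1)[0]
        # The advisory names the id-pools feature and the executeCommand endpoint.
        if "id-pools" in path and "executecommand" in path:
            hits[m["src"]].append((m["ts"], int(m["status"]), m["target"]))
    return dict(hits)

# Constructed sample lines (documentation addresses, placeholder path prefix).
SAMPLE = [
    '198.51.100.7 - - [19/Dec/2025:10:01:02 +0000] "PUT /PLACEHOLDER/id-pools/executeCommand HTTP/1.1" 200 51 "-" "-"',
    '198.51.100.7 - - [19/Dec/2025:10:01:09 +0000] "PUT /PLACEHOLDER/id%2Dpools/ExecuteCommand HTTP/1.1" 401 0 "-" "-"',
    '203.0.113.20 - - [19/Dec/2025:10:02:00 +0000] "GET /PLACEHOLDER/id-pools/executeCommand HTTP/1.1" 405 0 "-" "-"',
    '203.0.113.20 - - [19/Dec/2025:10:03:00 +0000] "PUT /PLACEHOLDER/id-pools/other HTTP/1.1" 200 12 "-" "-"',
]

if __name__ == "__main__":
    for src, events in find_executecommand_puts(SAMPLE).items():
        for ts, status, target in events:
            print(f"{src} {ts} status={status} {target}")
```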

References

https://attackerkb.com/topics/ixWdbDvjwX/cve-2025-37164/rapid7-analysis
https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbgn04985en_us&docLocale=en_US#vulnerability-summary-1
