Known exploited
Hewlett Packard Enterprise (HPE)
CVE published 2026-01-07
CVE-2025-37164
CVE-2025-37164 is a Hewlett Packard Enterprise OneView code injection vulnerability that CISA added to its Known Exploited Vulnerabilities catalog on 2026-01-07. Because it is on the KEV list, organizations should treat it as a priority remediation item and apply HPE’s mitigations as soon as possible; if mitigations are not available, CISA’s guidance is to discontinue use of the product. No CVSS score was [truncated]