**Hewlett Packard Enterprise (HPE) Patches Critical OneView Flaw**

In a recent move to strengthen the security of its products, Hewlett Packard Enterprise (HPE) has patched a maximum-severity vulnerability in its OneView software. This critical flaw could have allowed attackers to gain remote code execution, posing a significant threat to the integrity and confidentiality of data.

HPE's OneView is an integrated IT management and automation platform used for managing, monitoring, and automating HPE data center infrastructure. It provides a unified, software-defined interface to control servers, storage, and networking in HPE environments, such as ProLiant servers and Synergy systems.

According to the advisory published by HPE, the vulnerability could be exploited by a remote unauthenticated user to perform remote code execution. The flaw affects all versions of OneView software up to v10.20, although it is unclear at this time if threat actors have already taken advantage of the vulnerability in attacks in the wild.

This is not the first critical security patch released by HPE this year. In June, the company released patches for eight vulnerabilities in its StoreOnce backup solution, which could have allowed remote code execution, authentication bypass, data leaks, and more. The most severe of these issues was an Authentication Bypass vulnerability tracked as CVE-2025-37093 (CVSS score of 9.8).

Interestingly, earlier this month, HPE shipped OneView version 10.00 to remediate a number of known flaws in third-party components, such as Apache Tomcat and Apache HTTP Server. This move highlights the company's commitment to prioritizing security and continuously improving its products.

As always, it is essential for organizations using HPE's OneView software to apply the latest patches and updates to ensure their systems are protected against potential threats. The patching process should be carried out with the utmost urgency, especially considering the maximum-severity rating of the vulnerability.

To stay informed about security news and vulnerabilities, follow me on Twitter (@securityaffairs) and Facebook. Don't forget to join my community on Mastodon as well for the latest updates on cybersecurity and technology!