## https://sploitus.com/exploit?id=3F482BFF-5577-5D5D-8CD7-8830BB9A84CF
# CVE-2025-37164
A remote code execution issue exists in HPE OneView.
## How does this detection method work?
This template matches on the OneView title tag, extracts the version from the JavaScript artifactVersion variable, and flags instances running versions below 11.00 as potentially vulnerable.
***Note that instances flagged by this template are possibly vulnerable as the detection method cannot determine whether the Z7550-98077 security hotfix has been applied to versions 5.20-10.20 - only upgrading to version 11.00+ can be reliably verified as patched.***
## How do I run this script?
1. Download and install [Nuclei](https://github.com/projectdiscovery/nuclei).
2. Clone this repostory to your local system.
3. Run the following command:
```sh
nuclei -u -t template.yaml
```
Or if you would like to scan a list of hosts, execute:
```sh
nuclei -l -t template.yaml
```
### Example Output
## References
- https://www.bleepingcomputer.com/news/security/hpe-warns-of-maximum-severity-rce-flaw-in-oneview-software/
- https://securityonline.info/cve-2025-37164-cvss-10-0-unauthenticated-hpe-oneview-rce-grants-total-control-over-data-centers/
- https://ccb.belgium.be/advisories/warning-critical-rce-vulnerability-identified-hpe-oneview-patch-immediately
## Disclaimer
Use at your own risk, I will not be responsible for illegal activities you conduct on infrastructure you do not own or have permission to scan.
---
## License
This project is licensed under the MIT License.
## Contact
If you have any questions about this vulnerability detection script please reach out to me via [Signal](https://signal.me/#eu/0Qd68U1ivXNdWCF4hf70UYFo7tB0w-GQqFpYcyV6-yr4exn2SclB6bFeP7wTAxQw).
If you would like to connect, I am mostly active on [Twitter/X](https://x.com/rxerium) and [LinkedIn](https://www.linkedin.com/in/rxerium/).