Share
## https://sploitus.com/exploit?id=SAINT:1BC7D356038B22704C99EDD77B444C41
Added: 12/19/2025  


### Background

HPE OneView is integrated IT infrastructure management software. 

### Problem

A vulnerability in the `**id-pools**` feature allow remote attackers to execute arbitrary commands by sending a PUT request to the `**executeCommand**` API endpoint. 

### Resolution

Apply the hotfix referenced in hpesbgn04985en_us. 

### References

https://attackerkb.com/topics/ixWdbDvjwX/cve-2025-37164/rapid7-analysis   
https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbgn04985en_us&docLocale=en_US#vulnerability-summary-1