Share
## https://sploitus.com/exploit?id=SAINT:766E9A1BF15AD4B9B14443C10EF6AB10
Added: 12/19/2025  


### Background

HPE OneView is integrated IT infrastructure management software. 

### Problem

A vulnerability in the `**id-pools**` feature allow remote attackers to execute arbitrary commands by sending a PUT request to the `**executeCommand**` API endpoint. 

### Resolution

Apply the hotfix referenced in hpesbgn04985en_us. 

### References

https://attackerkb.com/topics/ixWdbDvjwX/cve-2025-37164/rapid7-analysis   
https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbgn04985en_us&docLocale=en_US#vulnerability-summary-1