A severe vulnerability has been identified in HPE OneView, carrying a maximum CVSS rating of 10.0. This critical flaw allows for unauthenticated remote code execution (RCE), presenting a significant security risk to affected systems.

Understanding the High-Severity Threat

The CVSS 10.0 rating signifies the highest possible severity for a vulnerability. An unauthenticated remote code execution flaw means that an attacker can execute arbitrary code on a vulnerable system without needing any credentials or prior access. This level of access could lead to complete system compromise.

Impact on HPE OneView Deployments

The presence of such a vulnerability in HPE OneView necessitates immediate attention from administrators. HPE OneView is a crucial infrastructure management platform, and a flaw of this nature could have widespread implications for data centers and IT environments utilizing the software. Organizations are urged to review their HPE OneView deployments and apply any available security patches or mitigation strategies.

Source: https://thehackernews.com/2025/12/hpe-oneview-flaw-rated-cvss-100-allows.html