heise PlusAbo
Anzeige

Admin attacks on HPE OneView for VMware vCenter possible

Attackers can exploit a vulnerability in HPE OneView for VMware vCenter. A version equipped against this is available.

listen Print view
Update sign

(Image: Artur Szczybylo/Shutterstock.com)

1 min. read
Security
By

The IT infrastructure management tool OneView for VMware vCenter (OV4VC) from HPE is vulnerable. Attackers can gain higher user rights.

The vulnerability listed in a warning message (CVE-2025-37101 “high”) can enable attackers with read rights to execute commands as admins. How such an attack could work in detail and whether attackers are already exploiting the vulnerability is currently unknown.

Videos by heise

The developers assure us that they have prepared version 11.7 against this attack. All previous versions are said to be vulnerable. The information technology company recently released security updates for its StoreOnce backup solution.

(des)

Don't miss any news – follow us on Facebook, LinkedIn or Mastodon.

This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.

Beliebte Bestenlisten

Alle Angebote
Newsletter heise-Bot heise-Bot Push Nachrichten Push Push-Nachrichten