security gaps: HPE ProLiant servers with Intel QuickAssist are vulnerable
Security patches close multiple vulnerabilities in HPE ProLiant. However, servers are only attackable under certain conditions.
(Image: Tatiana Popova/Shutterstock.com)
When Intel QuickAssist is running on certain HPE ProLiant servers, attackers can exploit multiple security vulnerabilities. In the worst case, attackers gain higher user privileges. So far, there are no reports of attacks. However, this does not mean that administrators should postpone the patching process.
Various Dangers
In a warning message, the developers state that specifically HPE ProLiant DL/ML/XD Alletra and Synergy servers that use Intel QuickAssist are vulnerable. A total of ten vulnerabilities have been found in the Windows driver software.
Two vulnerabilities (CVE-2025-33000 “high”, CVE-2025-27713 “high”) are considered the most dangerous, allowing attackers to gain higher user privileges. Such a position typically serves as a springboard for further attacks. However, to initiate attacks, attackers must already be authenticated.
Videos by heise
The majority of the remaining vulnerabilities are classified as “medium” threat level. These can lead to information leaks, among other things. Intel states that the vulnerabilities have been closed in version 2.6.0.
(des)
