All the vulnerabilites related to Hewlett Packard Enterprise - HPE OneView for VMware vCenter
cve-2025-37101
Vulnerability from cvelistv5
Published
2025-06-26 05:19
Modified
2025-06-27 03:55
Severity ?
EPSS score ?
Summary
HPE OneView for VMware vCenter (OV4VC), Local Elevation of Privilege
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Hewlett Packard Enterprise | HPE OneView for VMware vCenter |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-37101",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-26T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-27T03:55:24.243Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"platforms": [
"Windows",
"Linux"
],
"product": "HPE OneView for VMware vCenter",
"vendor": "Hewlett Packard Enterprise",
"versions": [
{
"lessThan": "11.7",
"status": "affected",
"version": "Prior to v11.7",
"versionType": "v11.7"
}
]
}
],
"datePublic": "2025-06-24T10:16:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA potential security vulnerability has been identified in HPE OneView for VMware vCenter (OV4VC). This vulnerability could be exploited allowing an attacker with read only privilege to cause Vertical Privilege Escalation (operator can perform admin actions).\u003c/span\u003e"
}
],
"value": "A potential security vulnerability has been identified in HPE OneView for VMware vCenter (OV4VC). This vulnerability could be exploited allowing an attacker with read only privilege to cause Vertical Privilege Escalation (operator can perform admin actions)."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-26T05:19:02.298Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbgn04876en_us\u0026docLocale=en_US"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "HPE OneView for VMware vCenter (OV4VC), Local Elevation of Privilege",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2025-37101",
"datePublished": "2025-06-26T05:19:02.298Z",
"dateReserved": "2025-04-16T01:28:25.364Z",
"dateUpdated": "2025-06-27T03:55:24.243Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}