CVE-2025-37101

HIGH 8.7

HPE OneView for VMware vCenter (OV4VC), Local Elevation of Privilege

CVSS Score

8.7

EPSS Score

0.0%

EPSS Percentile

0th

A potential security vulnerability has been identified in HPE OneView for VMware vCenter (OV4VC). This vulnerability could be exploited allowing an attacker with read only privilege to cause Vertical Privilege Escalation (operator can perform admin actions).

CWE	CWE-269
Vendor	hewlett packard enterprise
Product	hpe oneview for vmware vcenter
Published	Jun 26, 2025
Last Updated	Feb 26, 2026

Stay Ahead of the Next One

Get instant alerts for hewlett packard enterprise hpe oneview for vmware vcenter

Be the first to know when new high vulnerabilities affecting hewlett packard enterprise hpe oneview for vmware vcenter are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Changed

Confidentiality

None

Integrity

High

Availability

High

Affected Versions

Hewlett Packard Enterprise / HPE OneView for VMware vCenter

Prior to v11.7 < 11.7

References

NVD ↗ CVE.org ↗ EPSS Data ↗

support.hpe.com: https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbgn04876en_us&docLocale=en_US