CVE-2025-37101HIGH 8.7EPSS p16.7%

CVE-2025-37101CVE-2025-37101

Description

A potential security vulnerability has been identified in HPE OneView for VMware vCenter (OV4VC). This vulnerability could be exploited allowing an attacker with read only privilege to cause Vertical Privilege Escalation (operator can perform admin actions).

Scoring

CVSS 3.18.7 (HIGH)
VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:H
EPSS0.26% probability of exploitation · percentile 16.7% · 2026-06-19T12:03:05Z
Published2025-06-26
Last modified2026-04-15

Underlying weaknesses· 1

CWE-269

References

  1. https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbgn04876en_us&docLocale=en_US

1

TypeTargetConfidenceTier
WeaknessImproper Privilege Managementcwe-2690%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
Hewlett Packard Enterprise (HPE) OneView Code Injection Vulnerability
CVE
VMware vCenter Server Privilege Escalation Vulnerability
CVE
VMware Multiple Products Privilege Escalation Vulnerability
CVE
CVE-2025-0324
CVE
CVE-2025-37093
CVE
CVE-2025-37095
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.