CVE-2025-37101 | THREATINT

Description

A potential security vulnerability has been identified in HPE OneView for VMware vCenter (OV4VC). This vulnerability could be exploited allowing an attacker with read only privilege to cause Vertical Privilege Escalation (operator can perform admin actions).

PUBLISHED Reserved 2025-04-16 | Published 2025-06-26 | Updated 2026-02-26 | Assigner hpe

HIGH: 8.7CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:H

Problem types

CWE-269 Improper Privilege Management

Product status

Default status

affected

Prior to v11.7 (v11.7) before 11.7

affected

References

support.hpe.com/...y?docId=hpesbgn04876en_us&docLocale=en_US

cve.org (CVE-2025-37101)

nvd.nist.gov (CVE-2025-37101)

Download JSON