Saved February 14, 2026
Do you care about this?
HPE patched a critical vulnerability in OneView Software that allowed remote code execution, rated CVSS 10.0. All versions prior to 11.00 are affected, and a hotfix is available for versions 5.20 to 10.20. Users should apply the patches promptly to ensure security.
If you do, here's more
Hewlett Packard Enterprise (HPE) has addressed a severe security flaw in its OneView Software, which could allow remote code execution if exploited. The vulnerability, labeled CVE-2025-37164, has a CVSS score of 10.0, indicating its critical nature. Affected versions include all prior to 11.00, while a hotfix is available for versions 5.20 through 10.20. Users need to apply this fix promptly to protect their systems.
HPE's advisory points out that an unauthenticated remote user could exploit this flaw, making it imperative for organizations to act swiftly. The hotfix requires reapplication after upgrading from version 6.60 or later to 7.00.00, as well as after any reimaging of HPE Synergy Composer. Separate fixes are provided for the OneView virtual appliance and Synergy Composer2.
While HPE has not reported any instances of the flaw being exploited in the wild, the urgency to patch remains high. Earlier this year, HPE also tackled eight vulnerabilities in its StoreOnce data backup solution that could lead to authentication bypass and remote code execution, reinforcing the importance of regular updates and vigilance in maintaining security.