{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-37101","assignerOrgId":"eb103674-0d28-4225-80f8-39fb86215de0","state":"PUBLISHED","assignerShortName":"hpe","dateReserved":"2025-04-16T01:28:25.364Z","datePublished":"2025-06-26T05:19:02.298Z","dateUpdated":"2026-02-26T17:50:23.327Z"},"containers":{"cna":{"affected":[{"defaultStatus":"affected","platforms":["Windows","Linux"],"product":"HPE OneView for VMware vCenter","vendor":"Hewlett Packard Enterprise","versions":[{"lessThan":"11.7","status":"affected","version":"Prior to v11.7","versionType":"v11.7"}]}],"datePublic":"2025-06-24T10:16:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<span style=\"background-color: rgb(255, 255, 255);\">A potential security vulnerability has been identified in HPE OneView for VMware vCenter (OV4VC). This vulnerability could be exploited, allowing an attacker with read-only privilege to cause Vertical Privilege Escalation (operator can perform admin actions).</span>"}],"value":"A potential security vulnerability has been identified in HPE OneView for VMware vCenter (OV4VC). \nThis vulnerability could be exploited, allowing an attacker with read-only privilege to cause Vertical Privilege Escalation (operator can perform admin actions)."}],"impacts":[{"capecId":"CAPEC-233","descriptions":[{"lang":"en","value":"CAPEC-233 Privilege Escalation"}]}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":8.7,"baseSeverity":"HIGH","confidentialityImpact":"NONE","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"CHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:H","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-269","description":"CWE-269 Improper Privilege Management","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"eb103674-0d28-4225-80f8-39fb86215de0","shortName":"hpe","dateUpdated":"2025-06-26T05:19:02.298Z"},"references":[{"url":"https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbgn04876en_us&docLocale=en_US"}],"source":{"discovery":"INTERNAL"},"title":"HPE OneView for VMware vCenter (OV4VC), Local Elevation of Privilege","x_generator":{"engine":"Vulnogram 0.2.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2025-37101","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"version":"2.0.3","timestamp":"2025-06-27T03:55:25.332378Z"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-02-26T17:50:23.327Z"}}]}}