Ref# ADV2026_459 | Date: Jan 8th 2026

---

HPE published a security advisory highlighting vulnerabilities in the following products on January 16, 2025. It is recommended that you take the necessary precautions by ensuring your products are always updated.

• HPE OneView – versions prior to v11.00
• HPE Telco Service Activator – version 10.3.2 and prior

Update 1

On January 7, 2026, Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2025-37164 to their Known Exploited Vulnerabilities (KEV) Database.

For more information on these updates, you can follow these URLs:

• HPESBGN04985 rev.1 – Hewlett Packard Enterprise OneView Software, Remote Code Execution – Critical
• HPESBNW04986 rev.1 – HPE Telco Service Activator, Multiple Vulnerabilities
• CISA KEV: CVE-2025-37164
• HPE Security Bulletin Library

The Guyana National CIRT recommends that users and administrators review these updates and apply them where necessary.

References

• HPE Security Advisory (December 16th, 2025). Retrieved from HPE. https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbgn04985en_us&docLocale=en_US
• HPE Security Advisory. (January 08th, 2026). Retrieved from Canadian Centre for Cyber Security. https://www.cyber.gc.ca/en/alerts-advisories/hpe-security-advisory-av25-844