Vulnerability
sysops

Multiple severe security vulnerabilities in HPE Insight Remote Support (IRS) platform that could allow attackers to execute remote code, traverse directories, and access sensitive information. 

The vulnerabilities affect versions prior to 7.15.0.646 and pose significant risks to enterprise infrastructure management systems.

Critical HPE IRS Remote Execution Vulnerability 

This critical vulnerability CVE-2025-37099 scored 9.8 on the CVSS v3.1 scale uses the vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, indicating network-based exploitation requiring no privileges or user interaction. 

Attackers can exploit this flaw to execute arbitrary commands on unpatched IRS installations, potentially compromising entire enterprise monitoring systems.

The vulnerability stems from improper input validation in IRS’s data processing routines, allowing malicious payloads to bypass security checks. Successful exploitation enables attackers to:

Deploy ransomware or cryptominers across connected systems.

Manipulate monitoring data to hide malicious activities.

Establish persistent backdoors for lateral movement within networks.

HPE confirms this vulnerability was reported through Trend Micro’s Zero Day Initiative , highlighting its appeal to advanced threat actors.

Medium-Severity HPE IRS Flaws

CVE-2025-37097 is a Directory Traversal flaw (CVSS 7.5) that enables attackers to access files outside the IRS’s restricted directories. While rated 7.5, it serves as a critical enabler for follow-on attacks by exposing:

Configuration files containing credentials for connected devices.

TLS certificates are used for secure communications.

System logs reveal network architecture details.

CVE-2025-37098 is a Privileged Information Disclosure (CVSS 6.5). This medium-severity vulnerability allows authenticated users with low privileges to access sensitive system information. The flaw exposes:

API keys for integrated HPE OneView systems.

Hardware inventory details of managed servers.

Firmware versions of connected storage arrays.

While requiring valid credentials, this vulnerability becomes particularly dangerous in compromised environments where attackers have obtained basic access through phishing or credential-stuffing attacks.

CVEsAffected ProductsImpactExploit PrerequisitesCVSS 3.1 ScoreCVE-2025-37099HPE Insight Remote Support

Related Posts

Foxit Software has released an update for its Foxit PDF Reader 2024.1 and Foxit PDF Editor 2024.1 for Windows, addressing…

The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Cisco vulnerability to its Known Exploited Vulnerabilities (KEV) catalog…

Bitdefender GravityZone Update Server (versions 6.36.1, Endpoint Security for Linux 7.0.5.200089, and Endpoint Security for Windows 7.9.9.380) is vulnerable to…