CVE-2025-37101 – HPE OneView for VMware vCenter Vertical Privilege Escalation

June 26, 2025

CVE ID : CVE-2025-37101

Published : June 26, 2025, 6:15 a.m. | 4 hours, 14 minutes ago

Description : A potential security vulnerability has been identified in HPE OneView for VMware vCenter (OV4VC). This vulnerability could be exploited allowing an attacker with read only privilege to cause Vertical Privilege Escalation (operator can perform admin actions).

Severity: 8.7 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-41404 – Iroha Board Information Disclosure

Next Article CVE-2025-1754 – GitLab Unauthenticated File Upload Vulnerability

Highlights

CVE-2025-37828 – “ufs Linux Kernel NULL Pointer Dereference Vulnerability”

May 8, 2025

CVE ID : CVE-2025-37828

Published : May 8, 2025, 7:15 a.m. | 58 minutes ago

Description : In the Linux kernel, the following vulnerability has been resolved:

scsi: ufs: mcq: Add NULL check in ufshcd_mcq_abort()

A race can occur between the MCQ completion path and the abort handler:
once a request completes, __blk_mq_free_request() sets rq->mq_hctx to
NULL, meaning the subsequent ufshcd_mcq_req_to_hwq() call in
ufshcd_mcq_abort() can return a NULL pointer. If this NULL pointer is
dereferenced, the kernel will crash.

Add a NULL check for the returned hwq pointer. If hwq is NULL, log an
error and return FAILED, preventing a potential NULL-pointer
dereference. As suggested by Bart, the ufshcd_cmd_inflight() check is
removed.

This is similar to the fix in commit 74736103fb41 (“scsi: ufs: core: Fix
ufshcd_abort_one racing issue”).

This is found by our static analysis tool KNighter.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

The Power Of The Intl API: A Definitive Guide To Browser-Native Internationalization

This week in AI dev tools: GPT-5, Claude Opus 4.1, and more (August 8, 2025)

Elastic simplifies log analytics for SREs and developers with launch of Log Essentials

OpenAI launches GPT-5

I compared the best headphones from Apple, Sony, Bose, and Sonos: Here’s how the AirPods Max wins

I changed these 6 settings on my iPad to significantly improve its battery life

DistroWatch Weekly, Issue 1134

3 portable power stations I travel everywhere with (and how they differ)

Next.js PWA offline capability with Service Worker, no extra package

Next.js PWA offline capability with Service Worker, no extra package

spatie/laravel-flare

Establishing Consistent Data Foundations with Laravel’s Database Population System

Windows 11 Copilot gets free access to GPT-5 Thinking, reduced rate limits than ChatGPT Free

Windows 11 Copilot gets free access to GPT-5 Thinking, reduced rate limits than ChatGPT Free

Best Architecture AI Rendering Platform: 6 Tools Tested

Microsoft won’t kill off Chromium Edge and PWAs on Windows 10 until October 2028

CVE-2025-37101 – HPE OneView for VMware vCenter Vertical Privilege Escalation

Researchers Reveal ReVault Attack Targeting Dell ControlVault3 Firmware in 100+ Laptop Models

Researchers Detail Windows EPM Poisoning Exploit Chain Leading to Domain Privilege Escalation

synthv1 is an old-school polyphonic synthesizer

direnv unclutters your .profile

Triple 4K 144Hz displays from something this small blows my mind — CalDigit’s Element 5 Hub tested and reviewed

Windows Central Podcast: Is Windows in trouble?

CVE-2025-37828 – “ufs Linux Kernel NULL Pointer Dereference Vulnerability”

Radon – computes various metrics from Python code

Are you watching A Minecraft Movie in theaters, and if so, what do you think of it? — Weekend discussion 💬

Moldovan Police Arrest Suspect in €4.5M Ransomware Attack on Dutch Research Agency

CVE-2025-37101 – HPE OneView for VMware vCenter Vertical Privilege Escalation

Related Posts