  • HPE OneView Flaw Rated CVSS 10.0 Allows Unauthenticated Remote Code Execution

    Dec 18, 2025 | Ravie Lakshmanan | Vulnerability / Enterprise Security

    Hewlett Packard Enterprise (HPE) has resolved a maximum-severity security flaw in OneView Software that, if successfully exploited, could result in remote code execution.

    The critical vulnerability, assigned the CVE identifier CVE-2025-37164, carries a CVSS score of 10.0. HPE OneView is an IT infrastructure management software that streamlines IT operations and controls all systems via a centralized dashboard interface.

    “A potential security vulnerability has been identified in Hewlett Packard Enterprise OneView Software. This vulnerability could be exploited, allowing a remote unauthenticated user to perform remote code execution,” HPE said in an advisory issued this week.

    It affects all versions of the software prior to version 11.00, which addresses the flaw. The company has also made available a hotfix that can be applied to OneView versions 5.20 through 10.20.

    It’s worth noting that the hotfix must be reapplied after upgrading from version 6.60 or later to version 7.00.00, or after any HPE Synergy Composer reimaging operations. Separate hotfixes are available for the OneView virtual appliance and Synergy Composer2.

    Although HPE makes no mention of the flaw being exploited in the wild, it’s essential that users apply the patches as soon as possible for optimal protection.

    Earlier this June, the company also released updates to fix eight vulnerabilities in its StoreOnce data backup and deduplication solution that could result in an authentication bypass and remote code execution. It also shipped OneView version 10.00 to remediate a number of known flaws in third-party components, such as Apache Tomcat and Apache HTTP Server.



  • TikTok owner agrees to sell US business

    TikTok’s Chinese owner ByteDance has signed binding agreements with US and global investors to sell the majority of its business in America, TikTok’s boss told employees on Thursday.

    Half of the joint venture will be owned by a group of investors, including Oracle, Silver Lake and the Emirati investment firm MGX, according to a memo sent by chief executive Shou Zi Chew.

    The deal, which is set to close on 22 January, would end years of efforts by Washington to force ByteDance to sell its US operations over national security concerns.

    The deal is in line with one unveiled in September, when US President Donald Trump delayed the enforcement of a law that would ban the app unless it was sold.

    In the memo, TikTok said the deal will enable “over 170 million Americans to continue discovering a world of endless possibilities as part of a vital global community”.

    The White House referred the BBC to TikTok when contacted for comment.



  • Pope Leo names Ronald Hicks next archbishop of New York

    Pope Leo has named Bishop Aldon Ronald Hicks as the next archbishop of New York.

    Bishop Hicks, who – like the pope – is from the Chicago area and served in Latin America, will lead one of the Roman Catholic Church’s most populous and important postings in the United States.

    The 58-year-old replaces the retiring Cardinal Timothy Dolan, 75, who was seen as a conservative with close ties to President Donald Trump. Hicks said he accepted his appointment, which was announced on Thursday, with “an open heart” and Dolan called it “an early Christmas gift” for New Yorkers.

    Last month, Hicks joined other bishops to condemn the Trump administration’s large-scale immigration-related arrests as part of its mass deportation agenda.

    Hicks’ early life and pastoral career closely mirror Pope Leo’s. He grew up in South Holland, a short distance from Leo’s Dolton neighbourhood in the Chicago suburbs.

    While Pope Leo spent two decades as a missionary in Peru, Hicks worked at an orphanage in El Salvador from 2005 to 2010, according to a biography released by the New York archdiocese. Hicks was appointed bishop of Joliet by Pope Francis in 2020.

    Like the pope, Hicks has been outspoken about his concerns for immigrants.

    “Deeply rooted in our Gospel tradition of loving our neighbor, this letter affirms our solidarity with all our brothers and sisters as it expresses our concerns, opposition, and hopes with clarity and conviction,” he said, in response to a joint letter written by US bishops expressing concerns about the situation immigrants in the United States face.

    “It is grounded in the Church’s enduring commitment to the Catholic social teaching of human dignity and a call for meaningful immigration reform,” he said.

    The Trump administration has carried out large-scale immigration arrests in the Chicago area, leading to clashes between federal agents and residents protesting their presence.

    The bishops’ letter comes as churches grapple with how to respond to immigration activity that affects their members.

    The majority of people at risk of deportation are Christians, with 61% of the at-risk group being Catholics, according to a report by the US Catholic Bishops Conference.

    Hicks will now leave his position as bishop of Joliet for the ornate sanctuary at St Patrick’s Cathedral in Manhattan where he will lead 2.5 million Catholics in the nation’s largest city.

    His appointment comes a week after Cardinal Dolan, who has served in New York City for about 16 years, announced the archdiocese will set up a $300 million fund to settle claims of clergy sex abuse.

    “As a church, we can never rest in our efforts to prevent abuse, to protect children and to care for survivors,” the incoming archbishop said at a news conference. “While this work is challenging, it’s difficult, it’s painful, I hope it will continue to help in the areas of accountability, transparency and healing.”


