CRITICAL🇵🇱 Wersja polska

CVE-2025-37099

CVSS 9.8v3.1pub. 2025-07-01upd. 2025-07-10

A remote code execution vulnerability exists in HPE Insight Remote Support (IRS) prior to v7.15.0.646.

🤖 AI Analysis
How it works

The vulnerability is classified as CWE-94 (Improper Control of Generation of Code) and indicates the possibility of code injection or manipulation of code executed by the application. An attacker can send specially crafted requests to the IRS system without the need for authentication, which leads to arbitrary code execution on the server side. The network vector (AV:N) with no privilege requirements (PR:N) and user interaction (UI:N) means full remote exploitation.

Impact

Successful exploitation allows an attacker to gain full system control — violation of confidentiality, integrity, and availability of data and services. The attacker can gain unauthorized access to sensitive information managed by IRS, modify configuration, or completely disable the service.

Mitigation & patch

HPE Insight Remote Support must be immediately updated to version v7.15.0.646 or later. Detailed update instructions are available in the official HPE security bulletin at: https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbgn04878en_us&docLocale=en_US

Who is affected

HPE Insight Remote Support (IRS) in all versions earlier than v7.15.0.646

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • HPE Insight Remote Support

    APP
    Hpe
    < 7.15.0.646
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCE
CWE
References

Related vulnerabilities

CVE-2024-53676CRITICAL9.8PL ✓ten sam produkt

Path Traversal w HPE Insight Remote Support umożliwiający RCE

CVE-2025-37098HIGH7.5ten sam produkt

A path traversal vulnerability exists in HPE Insight Remote Support (IRS) prior to v7.15.0.646.

CVE-2025-37097HIGH7.5ten sam produkt

A vulnerability in HPE Insight Remote Support (IRS) prior to v7.15.0.646 may allow an unauthenticated denial o...

CVE-2024-53674HIGH7.3ten sam produkt

An XML external entity injection (XXE) vulnerability in HPE Insight Remote Support may allow remote users to d...

CVE-2024-53675HIGH7.3ten sam produkt

An XML external entity injection (XXE) vulnerability in HPE Insight Remote Support may allow remote users to d...