CVE-2025-37099 – A critical remote code execution vulnerability ... (How to Fix)

Q: What is the severity of CVE-2025-37099?

CVE-2025-37099 has a CVSS score of 9.8 (CRITICAL). A critical remote code execution vulnerability exists in HPE Insight Remote Support (IRS) software due to improper control of code generation (CWE-94). This allows unauthenticated attackers to execute arbitrary code on affected systems. Organizations running IRS versions prior to 7.15.0.646 are vulnerable.

📋 TL;DR

A critical remote code execution vulnerability exists in HPE Insight Remote Support (IRS) software due to improper control of code generation (CWE-94). This allows unauthenticated attackers to execute arbitrary code on affected systems. Organizations running IRS versions prior to 7.15.0.646 are vulnerable.

💻 Affected Systems

Products:

HPE Insight Remote Support

Versions: All versions prior to 7.15.0.646

Operating Systems: Windows, Linux

Default Config Vulnerable: ⚠️ Yes

Notes: IRS is typically deployed in enterprise environments for remote support capabilities.

📦 What is this software?

Insight Remote Support by Hpe

View all CVEs affecting Insight Remote Support →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise allowing attackers to install malware, steal sensitive data, pivot to internal networks, and maintain persistent access.

🟠

Likely Case

Initial foothold leading to ransomware deployment, data exfiltration, or credential harvesting from the compromised server.

🟢

If Mitigated

Limited impact if network segmentation prevents lateral movement and monitoring detects exploitation attempts early.

🌐 Internet-Facing: HIGH

🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

CVSS 9.8 indicates critical severity with low attack complexity and no authentication required.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 7.15.0.646 or later

Vendor Advisory: https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbgn04878en_us&docLocale=en_US

Restart Required: Yes

Instructions:

1. Download IRS version 7.15.0.646 or later from HPE support portal. 2. Backup current configuration. 3. Install the update following HPE documentation. 4. Restart the IRS service.

🔧 Temporary Workarounds

Network Isolation

all

Restrict network access to IRS servers using firewall rules

Disable Unused Features

all

Disable unnecessary IRS components to reduce attack surface

🧯 If You Can't Patch

Implement strict network segmentation to isolate IRS servers from critical assets
Deploy application-level firewalls with strict input validation rules

🔍 How to Verify

Check if Vulnerable:

Check IRS version in administration console or via installed software list

Check Version:

On Windows: Check Programs and Features. On Linux: Check package manager or IRS installation directory.

Verify Fix Applied:

Verify version is 7.15.0.646 or higher in IRS administration interface

📡 Detection & Monitoring

Log Indicators:

Unusual process creation from IRS service
Suspicious network connections from IRS server
Authentication failures or unexpected user activity

Network Indicators:

Unusual outbound connections from IRS server
Traffic to known malicious IPs
Anomalous protocol usage

SIEM Query:

source="irs_logs" AND (process_name="cmd.exe" OR process_name="powershell.exe" OR process_name="bash")

📊 Metadata

CVE ID: CVE-2025-37099

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-94

EPSS Score: 0.35% exploit probability (57.1th percentile)

Published: July 1, 2025

Last Updated: July 10, 2025

🔗 References

https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbgn04878en_us&docLocale=en_US Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-37099, you might also want to check these: