Severity
7.5 HIGH
EPSS
0.7%
top 29.19%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: May 30
Latest update: Oct 14

Description

HPE Service Manager 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, and 9.41 allows remote attackers to obtain sensitive information via unspecified vectors, related to the Web Client, Service Request Catalog, and Mobility components.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 3.9 | Impact: 3.6

Affected Packages: 1 package

NVD: hp/service_manager, 8 versions (+7)

Patches

🔴 Vulnerability Details

2
GHSA
GHSA-76gp-rwc5-4h59: HPE Service Manager 9 (2022-05-17)
CVEList
CVE-2016-2025: HPE Service Manager 9 (2016-05-30)

💥 Exploits & PoCs

1
Exploit-DB
Microsoft Windows Server 2016 - Win32k Elevation of Privilege (2025-05-25)

📋 Vendor Advisories

11
Microsoft
Microsoft SharePoint Remote Code Execution Vulnerability (2025-10-14)
Microsoft
Microsoft SharePoint Remote Code Execution Vulnerability (2025-09-09)
Oracle
Oracle Oracle Analytics Risk Matrix: Development Operations (Spring Framework) — CVE-2016-1000027 (2025-01-15)
Microsoft
Windows Kernel Memory Information Disclosure Vulnerability (2025-01-14)
Microsoft
A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext password sent over the wire even if Kerberos authentication was required. (2022-02-08)

🕵️ Threat Intelligence

3
Talos
ToolShell: Details of CVEs affecting SharePoint servers (2025-07-21)
Krebs
Microsoft Patch Tuesday, July 2025 Edition (2025-07-08)
Bleepingcomputer
Microsoft patches Windows Kernel zero-day exploited since 2023 (2025-03-12)
CVE-2016-2025 (HIGH CVSS 7.5) | HPE Service Manager 9.30 | cvebase.io