Welcome back to your latest Command Line newsletter from The Stack.

A critical pre-auth RCE bug in HPE’s IT infrastructure management software OneView – CVE-2025-37164 – is being exploited in the wild. 

The CVSS 10 bug stems from the fact that HPE left an undocumented utility API exposed on a public management port without an active session requirement. Gee, thanks HPE. Is it a backdoor, or just BAU?

We looked closer and solicited some views.

In Germany last week, an activist group took aim at “gigantic, energy-guzzling data centers and server farms” in a 4000-word manifesto, sabotaged a powerplant and cast Berlin into darkness. Data center operators need to be doubling down on physical security. Read on...

But first… 

A quick aside: To all Command Line readers, many thanks! We set up The Stack with £300 and a prayer in the middle of the pandemic; it is great to be five-strong and five years in, bootstrapped all the way.

As I noted in mid-2025, the times they are a’ changing however. 

We’re now making Command Line's stories for paying community members only. Don’t miss out. It’s £25/m or £250/y. We reinvest all subscription revenue back into independent, original editorial.

We regularly talk to technology leaders globally about the choices they are making, strategies they are setting, and the things that keeps them up at night. That includes people managing billions in annual IT budget and running systems handling a good chunk of global GDP.

We also do deep dives on interesting platforms, OSS, vulnerabilities; are launching the inaugural edition of an annual The Stack Summit, featuring JPMorgan’s Group CIO Lori Beer, BNY’s Group CIO Leigh-Ann Russell, and Nomura’s Group CTO Dinesh Keswani (holy mackerel what a roster).

We're also gearing up to launch a new engineering-focused podcast (first episode end-January) presented by a hands-on engineer, for peers. (Want to be involved, as a guest or a sponsor? Email yours truly.)

With thanks to our summit sponsor Datum - building an open network cloud and distributed control plane for modern Service Providers

We think all of this is worth paying for and hope you agree.

(Listen to Denzel, whatever your gender.)

(Anyone we interview, cite, or quote in any of our articles gets a free subscription on us; just pop me a DM or an email and we’ll sort this out.)

<STRIPE LINK!/>

Let's get stuck in !

Below: Phillip De Wet on a recursive language model breakthrough; Kiera Fields on why the UK government is paying out a record sum for a technology leader; Noah Bovenizer on a trio of novel new open-source projects; CIOs: what to do when you have to execute a strategy you disagree with; details on a VMware ESXi exploit toolkit, more.

Got a story or want to chew the fat/shoot the breeze/metaphor of choice for saying hi? I'm on ed@thestack.technology or Signal @Targett.11.

Subscribe to get all the rest of this newsletter, hidden below.

This post is for paying subscribers only

Join peers managing over $100 billion in annual IT spend and subscribe to unlock full access to The Stack’s analysis and events.

Subscribe now

Already a member? Sign in