Vulnerability | Exploitation Wave | Security Patch Release

HPE OneView exploitation and remediation around CVE-2025-37164

Updated 16.01.2026 11:15
Case score 69 | Members 3 | Latest activity 16.01.2026 11:15
First seen 18.12.2025 16:39 | Last seen 16.01.2026 11:15
Active exploitation | Public PoC/exploit reported | Patch available | CVSS: 10.0 Critical

Overview

**CVE-2025-37164** in **HPE OneView** is under active exploitation, with Check Point Research describing a **RondoDox** botnet campaign that moved from December probing to January automation. On 7 January, defenders saw more than 40,000 attempts in a few hours against the exposed **ExecuteCommand REST API**, showing a broad remote-code-execution threat to management-plane deployments. HPE issued **version 11.00** and hotfixes, and **CISA** placed the flaw in the **KEV catalog** while giving **FCEB** agencies a **January 28** deadline under **BOD 22-01**. Available evidence does not quantify successful compromise, but the activity remains urgent because there is no workaround and the flaw allows remote code execution through an exposed management endpoint.

Signals

8 derived
Exploitation
CVSS 10.0 Critical | Exploitation: Active exploitation | Exploit: Public PoC/exploit reported
CVEs/products
CVE
Victims/regions
Victim region: United States
Remediation
Urgency: Immediate | Remediation: Patch available
Threat context
Threat context: RondoDox

Malware context

1 families

Member happenings

3 related
Vulnerability: HPE OneView actively exploited remote code execution flaw (CVE-2025-37164)
Updated 08.01.2026 09:45 | Lead | Contribution 66
Exploitation: Active Exploitation | Exploit: Public Exploit | CVSS 10.0 Critical | Patch: Patch Available

**CVE-2025-37164** in **HPE OneView** is being **actively exploited**, with **Check Point Research** reporting a **Linux-based RondoDox botnet** campaign that escalated in **January 2026** after early probing in **December 2025**. The firm recorded **more than 40,000 attack attempts** on **7 January** between **05:45 and 09:20 UTC** and said the activity was **automated, botnet-driven exploitation**. The flaw is a **critical RCE** in the exposed **ExecuteCommand REST API** endpoint, and **CISA** added it to the **KEV catalog**.

Exploitation Wave: HPE OneView RondoDox exploitation wave (CVE-2025-37164)
Updated 16.01.2026 11:15 | Scoring Support | Contribution 3
Exploitation: Active Exploitation | CVSS 10.0 Critical | Patch: Patch Available

**RondoDox** has driven a **large-scale exploitation wave** against **HPE OneView** by targeting **CVE-2025-37164**, with activity escalating into **automated attacks** that created immediate risk for exposed systems. The wave became especially concerning on **7 January 2026**, when more than **40,000 attack attempts** were recorded in a few hours. The flaw is a **critical RCE** and has already been added to **CISA’s KEV catalog**, underscoring the urgency for defenders.

Security Patch Release: HPE OneView CVE-2025-37164 patch release
Updated 18.12.2025 16:39 | Context
Exploitation: No Known Exploitation | CVSS 10.0 Critical | Urgency: Immediate | Patch: Patch Available

**Hewlett Packard Enterprise** released **version 11.00** to fix **CVE-2025-37164**, a **CVSS 10.0** flaw in **HPE OneView Software** that could allow **remote code execution**. HPE also provided **hotfixes** for **versions 5.20 through 10.20**, giving administrators a clear remediation path for affected deployments. The vendor said the update covers **all versions prior to 11.00**, making the release the primary fix for the issue.