
HPE OneView actively exploited remote code execution flaw (CVE-2025-37164)

Vulnerability
Happening score: 66
3 unique sources, 3 articles

Summary


CVE-2025-37164 in HPE OneView is being actively exploited, with Check Point Research reporting a Linux-based RondoDox botnet campaign that escalated in January 2026 after early probing in December 2025. The firm recorded more than 40,000 attack attempts on 7 January between 05:45 and 09:20 UTC and said the activity was automated, botnet-driven exploitation. The flaw is a critical RCE in the exposed ExecuteCommand REST API endpoint, and CISA added it to the KEV catalog.

Related Happenings

cPanel & WHM authentication-bypass exploitation wave (CVE-2026-41940)

Exploitation Wave
First: 04.05.2026 11:25 Last: 04.05.2026 11:25 Sources 1

About this happening: Active exploitation of **CVE-2026-41940** is driving a **large cPanel & WHM compromise wave**, putting exposed servers at risk of administrative takeover. **More than 40,000 serve...

Mirai-based CVE-2025-29635 D-Link DIR-823X botnet-enlistment campaign

Campaign
First: 22.04.2026 23:04 Last: 22.04.2026 23:04 Sources 1

About this happening: The **Mirai-based malware campaign** is **actively exploiting CVE-2025-29635** against **D-Link DIR-823X routers**, turning vulnerable devices into botnet nodes. The activity matt...

F5 BIG-IP APM active exploitation wave (CVE-2025-53521)

Exploitation Wave
First: 02.04.2026 11:25 Last: 02.04.2026 11:25 Sources 1

About this happening: As of **2026-04-02**, ongoing attacks are exploiting **CVE-2025-53521** against **F5 BIG-IP APM** systems, leaving more than **14,000** exposed online and at risk of remote code e...

Oracle WebLogic Server CVE-2026-21962 rapid exploitation wave

Exploitation Wave
First: 26.03.2026 18:00 Last: 26.03.2026 18:00 Sources 1

About this happening: **Oracle WebLogic Server** systems faced a rapid **CVE-2026-21962** exploitation wave after public exploit code appeared, creating immediate **RCE risk** for exposed servers. The...

Langflow CVE-2026-33017 exploitation wave

Exploitation Wave
First: 20.03.2026 12:20 Last: 20.03.2026 12:20 Sources 1

About this happening: **CVE-2026-33017** in **Langflow** is being exploited in a fast-moving **early wave** that surfaced within **20 hours** of the advisory, putting exposed instances at immediate ris...

Timeline

  1. 08.01.2026 09:45 3 articles · 4mo ago

    HPE warns on December 16 about OneView RCE and advises upgrading

    Mitigation Patch Update

    On December 16, HPE warns that CVE-2025-37164 in HPE OneView could let a remote unauthenticated user achieve remote code execution. All OneView versions released before v11.00 are affected, and HPE advises customers to upgrade to OneView version 11.00 or later because no workarounds or mitigations are available.

  2. 08.01.2026 09:45 2 articles · 4mo ago

    CISA flags CVE-2025-37164 in HPE OneView as actively exploited

    Initial Disclosure

    CISA flags CVE-2025-37164 in HPE OneView as actively exploited and adds the flaw to its catalog of vulnerabilities exploited in the wild. Under BOD 22-01, Federal Civilian Executive Branch agencies have three weeks, until January 28, to secure affected systems; CISA urges other organizations to patch or discontinue use if mitigations are unavailable.
