Find notable cyber news and cases, enriched with sources, timelines, and signals.

HPE OneView actively exploited remote code execution flaw (CVE-2025-37164)

Vulnerability
First reported
Last updated
Happening score
H score 83
3 unique sources, 3 articles

Summary

Hide ▲

CVE-2025-37164 in HPE OneView is being actively exploited, with Check Point Research reporting a Linux-based RondoDox botnet campaign that escalated in January 2026 after early probing in December 2025. The firm recorded more than 40,000 attack attempts on 7 January between 05:45 and 09:20 UTC and said the activity was automated, botnet-driven exploitation. The flaw is a critical RCE in the exposed ExecuteCommand REST API endpoint, and CISA added it to the KEV catalog.

Cases

Related Happenings

Everest Forms Pro CVE-2026-3300 active exploitation wave

Exploitation Wave
H score87 First: 05.06.2026 11:38 Last: 05.06.2026 11:38 Sources 1

About this happening: Active exploitation of **CVE-2026-3300** in **Everest Forms Pro** is driving **complete site compromise** risk for WordPress sites. Attackers have been using the flaw for arbitrar...

Magento exploitation wave for CVE-2026-45247

Exploitation Wave
H score9 First: 04.06.2026 10:19 Last: 04.06.2026 10:19 Sources 1

About this happening: Active exploitation of **CVE-2026-45247** is hitting **Mirasvit Cache Warmer** on **Magento** stores, with malicious requests carrying serialized PHP payloads that can lead to **r...

PAN-OS GlobalProtect CVE-2026-0257 exploitation wave

Exploitation Wave
H score18 First: 01.06.2026 11:30 Last: 01.06.2026 11:30 Sources 1

About this happening: A **CVE-2026-0257** exploitation wave is hitting **Palo Alto Networks PAN-OS GlobalProtect** appliances, creating **unauthorized VPN access** risk for **multiple customers**. **Ra...

CPanel & WHM authentication-bypass exploitation wave (CVE-2026-41940)

Exploitation Wave
H score89 First: 04.05.2026 11:25 Last: 04.05.2026 11:25 Sources 1

About this happening: Active exploitation of **CVE-2026-41940** is driving a **large cPanel & WHM compromise wave**, putting exposed servers at risk of administrative takeover. **More than 40,000 serve...

Mirai-based CVE-2025-29635 D-Link DIR-823X botnet-enlistment campaign

Campaign
H score38 First: 22.04.2026 23:04 Last: 22.04.2026 23:04 Sources 1

About this happening: The **Mirai-based malware campaign** is **actively exploiting CVE-2025-29635** against **D-Link DIR-823X routers**, turning vulnerable devices into botnet nodes. The activity matt...

Timeline

  1. 08.01.2026 09:45 3 articles · 6mo ago

    HPE warns on December 16 about OneView RCE and advises upgrading

    Mitigation Patch Update

    HPE warns on December 16 that CVE-2025-37164 in HPE OneView could let a remote unauthenticated user achieve remote code execution, says all OneView versions released before v11.00 are affected, and advises customers to upgrade to OneView version 11.00 or later because no workarounds or mitigations are available.

    Show sources
  2. 08.01.2026 09:45 2 articles · 6mo ago

    CISA flags CVE-2025-37164 in HPE OneView as actively exploited

    Initial Disclosure

    CISA flags CVE-2025-37164 in HPE OneView as actively exploited, adds the flaw to its catalog of vulnerabilities exploited in the wild, and gives Federal Civilian Executive Branch agencies three weeks to secure affected systems by January 28 under BOD 22-01 while urging other organizations to patch or discontinue use if mitigations are unavailable.

    Show sources