HPE OneView RondoDox exploitation wave (CVE-2025-37164)
Exploitation Wave
Summary
Hide ▲
Show ▼
RondoDox has driven a large-scale exploitation wave against HPE OneView by targeting CVE-2025-37164, with activity escalating into automated attacks that created immediate risk for exposed systems. The wave became especially concerning on 7 January 2026, when more than 40,000 attack attempts were recorded in a few hours. The flaw is a critical RCE and has already been added to CISA’s KEV catalog, underscoring the urgency for defenders.
Cases
Related Happenings
CISA adds CVE-2026-12569 to KEV for PTC Windchill and FlexPLM
Public Sector Action
H score46
First: 26.06.2026 15:31
Last: 26.06.2026 15:31
Sources 1
About this happening:
CISA **added CVE-2026-12569** to the **KEV catalog** after finding **active exploitation** of **PTC Windchill PDMlink** and **PTC FlexPLM**, elevating the flaw to a federal remedi...
CISA adds CVE-2026-12569 to KEV for PTC Windchill and FlexPLM
Public Sector ActionAbout this happening: CISA **added CVE-2026-12569** to the **KEV catalog** after finding **active exploitation** of **PTC Windchill PDMlink** and **PTC FlexPLM**, elevating the flaw to a federal remedi...
Lantronix EDS5000 Series devices code-injection flaw (CVE-2025-67038)
Vulnerability
H score43
First: 24.06.2026 20:19
Last: 24.06.2026 20:19
Sources 1
About this happening:
**CVE-2025-67038** in **Lantronix EDS5000 Series devices** is now under **active exploitation**, creating a **root-level command execution** risk for affected systems. **CISA** to...
Lantronix EDS5000 Series devices code-injection flaw (CVE-2025-67038)
VulnerabilityAbout this happening: **CVE-2025-67038** in **Lantronix EDS5000 Series devices** is now under **active exploitation**, creating a **root-level command execution** risk for affected systems. **CISA** to...
Everest Forms Pro CVE-2026-3300 active exploitation wave
Exploitation Wave
H score87
First: 05.06.2026 11:38
Last: 05.06.2026 11:38
Sources 1
About this happening:
Active exploitation of **CVE-2026-3300** in **Everest Forms Pro** is driving **complete site compromise** risk for WordPress sites. Attackers have been using the flaw for arbitrar...
Everest Forms Pro CVE-2026-3300 active exploitation wave
Exploitation WaveAbout this happening: Active exploitation of **CVE-2026-3300** in **Everest Forms Pro** is driving **complete site compromise** risk for WordPress sites. Attackers have been using the flaw for arbitrar...
Magento exploitation wave for CVE-2026-45247
Exploitation Wave
H score9
First: 04.06.2026 10:19
Last: 04.06.2026 10:19
Sources 1
About this happening:
Active exploitation of **CVE-2026-45247** is hitting **Mirasvit Cache Warmer** on **Magento** stores, with malicious requests carrying serialized PHP payloads that can lead to **r...
Magento exploitation wave for CVE-2026-45247
Exploitation WaveAbout this happening: Active exploitation of **CVE-2026-45247** is hitting **Mirasvit Cache Warmer** on **Magento** stores, with malicious requests carrying serialized PHP payloads that can lead to **r...
PAN-OS GlobalProtect CVE-2026-0257 exploitation wave
Exploitation Wave
H score18
First: 01.06.2026 11:30
Last: 01.06.2026 11:30
Sources 1
About this happening:
A **CVE-2026-0257** exploitation wave is hitting **Palo Alto Networks PAN-OS GlobalProtect** appliances, creating **unauthorized VPN access** risk for **multiple customers**. **Ra...
PAN-OS GlobalProtect CVE-2026-0257 exploitation wave
Exploitation WaveAbout this happening: A **CVE-2026-0257** exploitation wave is hitting **Palo Alto Networks PAN-OS GlobalProtect** appliances, creating **unauthorized VPN access** risk for **multiple customers**. **Ra...
Timeline
-
16.01.2026 11:15 2 articles · 5mo ago
HPE OneView RondoDox exploitation wave (CVE-2025-37164)
Initial DisclosureEarly activity in **December 2025** consisted of probing and initial exploitation attempts against **HPE OneView**. The campaign then escalated in **January 2026** into **botnet-driven automated exploitation** at scale.
Show sources
- RondoDox Botnet Targets HPE OneView Vulnerability in Exploitation Wave — www.infosecurity-magazine.com — 16.01.2026 11:15
- RondoDox Botnet Targets HPE OneView Vulnerability in Exploitation Wave — www.infosecurity-magazine.com — 16.01.2026 11:15