By The Hacker News
Publication Date: 2026-01-08 04:52:00
The US Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday aggregate two security flaws affecting Microsoft Office and Hewlett Packard Enterprise (HPE) OneView to their known exploited vulnerabilities (K.E.V.) catalogue, citing evidence of active exploitation.
The vulnerabilities are listed below:
- CVE-2009-0556 (CVSS Score: 8.8) – A code injection vulnerability in Microsoft Office PowerPoint that allows remote attackers to execute arbitrary code via memory corruption
- CVE-2025-37164 (CVSS Score: 10.0) – A code injection vulnerability in HPW OneView allows an unauthenticated remote user to perform remote code execution.
Details of CVE-2025-37164 arose last month when HPE said the vulnerability affects all versions of the software prior to version 11.00. The company also made hotfixes available for OneView versions 5.20 through 10.
The scope and source of the attacks targeting the two flaws is…



:max_bytes(150000):strip_icc()/GettyImages-2211018478-80e73f0e32344b3cb7192f4d476e648b.jpg?ssl=1)
