By rohann@checkpoint.com
Publication Date: 2026-01-15 12:00:00
Executive summary
- Check Point Research identified active, large-scale exploitation of CVE-2025-37164, a critical remote code execution vulnerability affecting HPE OneView.
- The exploitation campaign is attributed to the RondoDox botnet and rapidly escalated to tens of thousands of automated attack attempts.
- Check Point blocked tens of thousands of exploitation attempts across its security infrastructure, highlighting both the severity of the risk and the importance of layered defenses.
- Check Point reported the active exploitation to CISA on January 7, 2026, and the vulnerability was added to the Known Exploited Vulnerabilities (KEV) catalog on the same day.
- Organizations running HPE OneView should apply patches immediately to reduce exposure to active exploitation.
- Check Point customers remain protected through automatically updated intrusion prevention systems (IPS), which block exploitation attempts aimed at this vulnerability.
Checkpoint…