By Sead Fadilpašić
Publication Date: 2026-01-20 15:15:00
- HPE OneView RCE Critical Flaw (CVE-2025-37164) Exploited Despite Patch Release
- Over 40,000 botnet-driven attacks observed, primarily from RondoDox targeting key sectors
- CPR and CISA urge immediate patching due to active, high-severity exploitation
There is currently a “dramatic escalation” in the exploitation of a critical vulnerability in HPE OneView, experts warned.
HPE OneView is a unified IT infrastructure management platform that automates provisioning and lifecycle management using software-defined templates.
Cybersecurity experts Check Point Research (CPR) urge all users to apply the available patch immediately, after uncovered a remote code execution (RCE) vulnerability in mid-December 2025 that allowed threat actors to execute malware on the database operating systems.
Real world risk
The bug is now tracked as CVE-2025-37164 and has been assigned a severity score of 9.8/10 (critical).
On December 21, 2025, HPE released a patch and saw for the first time…
