By Berry Zwets
Publication Date: 2026-01-16 13:57:00
Check Point Research has identified a coordinated attack campaign targeting CVE-2025-37164, a critical vulnerability in HPE OneView. The RondoDox botnet is moving from initial reconnaissance to large-scale automated attacks. Check Point has already blocked tens of thousands of exploitation attempts.
The wave of attacks came shortly after the vulnerability was published. On December 16, 2025, Hewlett Packard Enterprise published an advisory regarding CVE-2025-37164, a critical remote code execution vulnerability in HPE OneView. The vulnerability received the highest CVE score. and allows unauthenticated attackers to directly execute code.
Check Point deployed emergency protection through its Quantum intrusion prevention system on December 21. That same afternoon they detected the first exploitation attempts. What started as simple proof-of-concept attempts quickly turned into something much bigger.
Dramatic escalation to 40,000 attacks
On January 7, 2026,…
