By Beth Maundrill
Publication Date: 2026-01-16 09:15:00
Check Point Research has identified an active and coordinated exploitation campaign by a botnet targeting a critical vulnerability affecting HPE OneView.
The activity has been attributed to the Linux-based RondoDox. robot network and Check Point warned that the campaign represents a sharp escalation from early investigative attempts to large-scale automated attacks.
The HPE OneView vulnerability, CVE-2025-37164, was first published in the National Vulnerability Database (NVD) on December 16, 2025, and was given a CVSS 3.1 score out of 10 (critical) by HPE.
In an update published on January 15, Check Point said it had already blocked tens of thousands of exploitation attempts, underscoring both the severity of the vulnerability and the urgency for organizations to act.
After detecting early exploitation activity and implementing vulnerability protection measures in December 2025, Check Point observed a dramatic increase in active exploitation in January 2026.
On the 7th…
