HPE OneView Under Siege: Critical Flaw Exploited
20 Jan
Summary
- Remote code execution vulnerability in HPE OneView discovered mid-December 2025.
- Over 40,000 attack attempts observed in under four hours once exploitation escalated on January 7.
- RondoDox botnet actively exploits the critical flaw, targeting governments and financial firms.

A critical vulnerability within HPE's OneView platform is being actively and intensely exploited, prompting urgent warnings from cybersecurity experts. This remote code execution flaw, discovered in mid-December 2025 and tracked as CVE-2025-37164, allows threat actors to deploy malware on underlying operating systems. HPE released a patch on December 21, 2025, but exploitation attempts escalated dramatically starting January 7, with over 40,000 attacks detected in under four hours.
The escalated attacks are attributed to the RondoDox botnet, a relatively new Linux-based threat known for DDoS attacks and cryptomining. Most of this activity has been traced to a single suspicious IP address in the Netherlands. The primary targets include government organizations, financial services firms, and the industrial manufacturing sector, with the majority of victims located in the United States, followed by Australia, France, Germany, and Austria. Both Check Point Research (CPR) and the US Cybersecurity and Infrastructure Security Agency (CISA) emphasize the immediate need for patching and deploying compensating controls.




