Patch Now: Active Exploitation Underway for Critical HPE OneView Vulnerability blog.checkpoint.com/research/…
Check Point Research has identified an active, coordinated exploitation campaign targeting CVE-2025-37164, a critical remote code execution vulnerability affecting HPE OneView. The activity, observed directly in Check Point telemetry, is attributed to the RondoDox botnet and represents a sharp escalation from early probing attempts to large-scale, automated attacks.
Check Point has already blocked tens of thousands of exploitation attempts, underscoring both the severity of the vulnerability and the urgency for organizations to act.
On January 7, 2026 Check Point Research reported the campaign to CISA, and the vulnerability was added to the Known Exploited Vulnerabilities KEV catalog the same day.
