

Ethical Hacking News

RondoDox Botnet Tied to Mass Exploitation of Critical HPE OneView Flaw


Check Point has identified large-scale exploitation of a critical HPE OneView flaw by the RondoDox botnet, with tens of thousands of automated attack attempts observed. The activity underlines the severity of the issue and the need for organizations to patch affected systems without delay.

  • Tens of thousands of exploit attempts were observed on January 7, coinciding with the day when the vulnerability was added to CISA's list of actively exploited flaws.
  • The critical flaw, CVE-2025-37164, is a remote code execution (RCE) vulnerability with the maximum CVSS severity score of 10.
  • Over 40,000 attack attempts were recorded between January 5-9:20 UTC, with analysis indicating that they were driven by the RondoDox botnet.
  • IT professionals are advised to exercise extreme caution when managing their environments and prioritize patching OneView and other affected systems without delay.



    The cybersecurity landscape has witnessed a significant escalation in recent days, as Check Point has identified large-scale exploitation of a critical vulnerability in HPE's OneView management platform. The RondoDox botnet, which has been linked to numerous high-profile attacks in the past, is now being leveraged by attackers to exploit this particular flaw.

    According to Check Point's telemetry, tens of thousands of exploit attempts were observed on January 7, coinciding with the day when the vulnerability was added to CISA's list of actively exploited flaws. This dramatic escalation has highlighted the severity of the issue and the potential consequences for organizations that rely on HPE OneView.

    The critical flaw, identified as CVE-2025-37164, is a remote code execution (RCE) vulnerability with the maximum CVSS severity score of 10. This rating underscores the impact an attacker could have by exploiting it: OneView is one of the most highly privileged command centers in enterprise environments, controlling servers, storage, and networking from a central point.

    HPE first disclosed the bug in mid-December, prompting urgency among security experts because of its perfect 10 CVSS severity score. At that point it remained unclear whether attackers would move beyond proof-of-concept exploitation to launch full-blown campaigns. Check Point's recent findings have removed that uncertainty.

    The botnet-driven attacks observed by Check Point were automated and targeted vulnerable systems en masse. The firm recorded more than 40,000 attack attempts between January 5-9:20 UTC, with analysis indicating that these attempts were driven by the RondoDox botnet. This significant increase in exploit activity highlights the need for organizations to prioritize patching OneView and other affected systems without delay.

    In light of this escalating threat, IT professionals are being advised to exercise extreme caution when managing their environments. The ability of attackers to exploit vulnerabilities en masse underscores the importance of proactive security measures, including regular vulnerability assessments and swift patch application.

    As the cybersecurity landscape continues to evolve, it is essential for organizations to stay vigilant and take decisive action against emerging threats like RondoDox and its associated attacks on critical infrastructure like OneView.



    Related Information:
  • https://www.ethicalhackingnews.com/articles/RondoDox-Botnet-Ties-Mass-Exploitation-of-Critical-HPE-OneView-Flaw-ehn.shtml

  • https://go.theregister.com/feed/www.theregister.com/2026/01/16/rondodox_botnet_hpe_oneview/

  • https://blog.checkpoint.com/research/patch-now-active-exploitation-underway-for-critical-hpe-oneview-vulnerability/

  • https://www.infosecurity-magazine.com/news/rondodox-botnet-targets-hpe/

  • https://nvd.nist.gov/vuln/detail/CVE-2025-37164

  • https://www.cvedetails.com/cve/CVE-2025-37164/

  • https://www.fortinet.com/blog/threat-research/rondobox-unveiled-breaking-down-a-botnet-threat

  • https://www.bleepingcomputer.com/news/security/rondodox-botnet-malware-now-hacks-servers-using-xwiki-flaw/


  • Published: Fri Jan 16 07:10:20 2026 by llama3.2 3B Q4_K_M












