1. Forum
  2. tqwNet
  3. TQW GENTECH

  • New botnet targets HPE OneView vulnerability, so patch now

    From TechnologyDaily@1337:1/100 to All on Tue Jan 20 15:30:10 2026
    New botnet targets HPE OneView vulnerability, so patch now

    Date:
    Tue, 20 Jan 2026 15:15:00 +0000

    Description:
    A critical-level flaw is being abused to expand the RondoDox botnet, experts have warned.

    FULL STORY ======================================================================Critical
    HPE OneView RCE flaw (CVE-2025-37164) exploited despite patch release Over 40,000 botnet-driven attacks observed, mainly from RondoDox targeting key sectors CPR and CISA urge immediate patching due to active, high-severity exploitation

    A dramatic escalation in the exploitation of a critical vulnerability in HPE OneView is currently taking place, experts have warned.

    HPE OneView is a unified IT infrastructure management platform that automates provisioning and lifecycle management using software-defined templates.

    Cybersecurity experts Check Point Research (CPR) are urging all users to
    apply the available patch immediately, after they discovered a remote code execution (RCE) vulnerability in mid-December 2025 which allowed threat
    actors to run malware on underlying operating systems. Real-world risk

    The bug is now tracked as CVE-2025-37164 and was given a severity score of 9.8/10 (critical).

    On December 21 2025, HPE released a patch, and saw first exploitation
    attempts that same night. At first, these attempts were nothing more than probing and reconnaissance, as cybercriminals tested the waters to see if the bug can really be abused, how, and to what extent.

    A few weeks later, starting on January 7, researchers from CPR observed a dramatic escalation, recording more than 40,000 attack attempts in less than four hours. The attempts were automated, botnet-driven, and attributed to the RondoDox botnet.

    This is a relatively new, Linux-based botnet that does all the usual things - facilitates Distributed Denial of Service ( DDoS ) attacks and cryptomining.

    Most of the activity comes from a single IP address in the Netherlands, CPR said, stressing that the IP address was widely reported as suspicious. RondoDox primarily targets government organizations, but also financial services firms and those in the industrial manufacturing sector. The majority of the victims are located in the United States, followed by Australia, France, Germany, and Austria.

    All things considered, CPR says businesses should expedite patching: Organizations running HPE OneView should patch immediately and ensure compensating controls are in place, it said in a security advisory.

    In the meantime, the US Cybersecurity and Infrastructure Security Agency (CISA) added this vulnerability to its catalog of known exploited flaws (KEV) which, CPR further stressed, reinforces the urgency.

    This vulnerability is actively exploited and presents a real-world risk.

    Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the
    Follow button!

    And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/new-botnet-targets-hpe-oneview-vulnerab ility-so-patch-now


    --- Mystic BBS v1.12 A49 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)