腾讯网

CISA警告HPE OneView和微软Office漏洞正被活跃利用

美国网络安全和基础设施安全局(CISA)近日在其已知被利用漏洞目录中新增了两个安全漏洞,警告攻击者正在滥用HPE OneView管理软件中的最高严重级别漏洞以及微软Office中一个存在多年的缺陷。 CISA最新更新的已知被利用漏洞目录标记了CVE-2025-37164(HPE OneView中的代码注入漏洞)和CVE-2009-0556(PowerPoint代码注入漏洞,该漏洞已潜伏超过15年) ...
至顶头条 on MSN

HPE OneView严重漏洞遭野外攻击利用

美国网络安全和基础设施安全局确认,HPE软件定义管理平台OneView中的最高严重性漏洞CVE-2025-37164正遭受攻击利用。该漏洞CVSS评分为满分10分,属于远程代码执行漏洞。由于OneView在企业网络中具有特权控制平面地位,可管理服务器、存储系统等关键基础设施,一旦被攻击者利用将造成灾难性后果。HPE已发布热修复补丁覆盖5.20至10.20版本。
Network World

HPE OneView vulnerable to remote code execution attack

An unauthenticated user can execute the attack, and there’s no mitigation, just a hotfix that should be applied immediately. A maximum severity remote code execution vulnerability in Hewlett Packard ...
SDxCentral

HPE OneView under threat from IoT botnet campaign

A recently disclosed vulnerability in the OneView program from Hewlett Packard Enterprise (HPE) has become the subject of a ...
Dark Reading

Maximum Severity HPE OneView Flaw Exploited in the Wild

A maximum-severity vulnerability in OneView, HPE's software-defined management platform, has come under attack, according to the Cybersecurity and Infrastructure Security Agency (CISA). CVE-2025-37164 ...
Techzine Europe

RondoDox botnet exploits HPE OneView vulnerability on a massive scale

Check Point Research has identified a coordinated attack campaign targeting CVE-2025-37164, a critical vulnerability in HPE OneView. The RondoDox botnet ...

Patch now - this new botnet is targeting HPR OneView vulnerabilities

The critical flaw represents real-world risk ...
Bleeping Computer

CISA tags max severity HPE OneView flaw as actively exploited

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has flagged a maximum-severity HPE OneView vulnerability as actively exploited in attacks. HPE's OneView infrastructure management ...
CSOonline

CISA flags max-severity bug in HPE OneView amid active exploitation

The flaw allows remote code execution via a public REST API, giving attackers a direct path to compromise enterprise infrastructure. A max-severity remote code execution (RCE) flaw in HPE’s OneView ...
SDxCentral

CISA warns critical HPE OneView bug is in the wild and being exploited

The Cybersecurity and Infrastructure Security Agency (CISA) has warned a critical vulnerability in software from Hewlett Packard Enterprise (HPE) is being actively exploited. A bug in the ...
Infosecurity Magazine

RondoDox Botnet Targets HPE OneView Vulnerability in Exploitation Wave

Check Point Research has reported a surge in attacks on a vulnerability in HPE OneView, driven by the Linux-based RondoDox ...
heise online

Patch now! Attackers are targeting HPE OneView and PowerPoint

Currently, unknown attackers are targeting macOS systems via a seventeen-year-old security vulnerability in PowerPoint with malicious code. HPE's IT management system, OneView, is also currently ...