{"id":4140,"date":"2026-01-17T09:39:00","date_gmt":"2026-01-17T09:39:00","guid":{"rendered":"https:\/\/ft365.org\/index.php\/2026\/01\/17\/rondodox-botnet-targets-hpe-oneview-vulnerability-in-exploitation-wave\/"},"modified":"2026-01-17T09:39:00","modified_gmt":"2026-01-17T09:39:00","slug":"rondodox-botnet-targets-hpe-oneview-vulnerability-in-exploitation-wave","status":"publish","type":"post","link":"https:\/\/ft365.org\/index.php\/2026\/01\/17\/rondodox-botnet-targets-hpe-oneview-vulnerability-in-exploitation-wave\/","title":{"rendered":"RondoDox Botnet Targets HPE OneView Vulnerability in Exploitation Wave"},"content":{"rendered":"<div id=\"cphContent_pnlArticleBody\" data-layout-id=\"2\" data-edit-folder-name=\"text\" data-index=\"0\">\n<p>An active, coordinated exploitation campaign conducted by a botnet has been identified by Check Point Research which is targeting a critical vulnerability affecting HPE OneView.<\/p>\n<p>The activity has been attributed to the Linux-based RondoDox botnet and Check Point warned the campaign represents a sharp escalation from early probing attempts to large-scale, automated attacks.<\/p>\n<p>The HPE OneView vulnerability, CVE-2025-37164, was first published to the National Vulnerability Database (NVD) on 16 December, 2025 and was given a CVSS 3.1 score of 10 (critical) by HPE.<\/p>\n<p>In an update published on 15 January, Check Point said it has already blocked tens of thousands of exploitation attempts, underscoring both the severity of the vulnerability and the urgency for organizations to act.<\/p>\n<p>After detecting early exploitation activity and deploying protection measures against the vulnerability in December 2025, Check Point observed a dramatic increase in active exploitation in January 2026.<\/p>\n<p>On 7 January, between 05:45 and 09:20 UTC, the firm recorded more than 40,000 attack attempts exploiting CVE-2025-37164.<\/p>\n<p>\u201cAnalysis indicates that these attempts were automated, botnet-driven exploitation,\u201d Check Point said.<\/p>\n<p>RondoDox was first publicly identified in mid-2025, and Check Point said it has observed it actively exploiting high-profile vulnerabilities, including December\u2019s React2Shell CVE-2025-55182, with a particular focus on unpatched edge and perimeter infrastructure.<\/p>\n<p>Check Point Research reported the campaign to\u00a0CISA the same day, and the vulnerability was\u00a0added\u00a0to the Known Exploited Vulnerabilities (KEV) catalog the same day.<\/p>\n<p>The HPE OneView is an IT infrastructure management platform that automates the management of computation, storage, and networking resources, which is widely used by organizations across various sectors.<\/p>\n<p>The critical RCE vulnerability resides in the exposed\u00a0<em>ExecuteCommand<\/em>\u00a0REST API endpoint tied to the\u00a0<em>id-pools<\/em>\u00a0functionality.\u00a0<\/p>\n<p>The endpoint accepts attacker supplied input without authentication or authorization checks and executes it directly via the underlying operating system runtime, without authentication or authorization checks.<\/p>\n<p>This provides attackers with a direct path to remote code execution on affected systems.<\/p>\n<p>\u201cOrganizations running HPE OneView should patch immediately and ensure compensating controls are in place. The inclusion of CVE-2025-37164 in CISA\u2019s KEV catalog reinforces the urgency. This vulnerability is actively exploited and presents a real-world risk,\u201d Check Point said.<\/p>\n<\/p><\/div>\n","protected":false},"excerpt":{"rendered":"<p>An active, coordinated exploitation campaign conducted by a botnet has been identified by Check Point Research which is targeting a critical vulnerability affecting HPE OneView. The activity has been attributed to the Linux-based RondoDox botnet and Check Point warned the campaign represents a sharp escalation from early probing attempts to large-scale, automated attacks. The HPE<\/p>\n","protected":false},"author":2,"featured_media":4141,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-4140","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized"],"featured_image_urls":{"full":["https:\/\/ft365.org\/wp-content\/uploads\/2026\/01\/4140-d8c46b92-8cfc-4d60-9502-173970fc5263.jpg",300,300,false],"thumbnail":["https:\/\/ft365.org\/wp-content\/uploads\/2026\/01\/4140-d8c46b92-8cfc-4d60-9502-173970fc5263-150x150.jpg",150,150,true],"medium":["https:\/\/ft365.org\/wp-content\/uploads\/2026\/01\/4140-d8c46b92-8cfc-4d60-9502-173970fc5263.jpg",300,300,false],"medium_large":["https:\/\/ft365.org\/wp-content\/uploads\/2026\/01\/4140-d8c46b92-8cfc-4d60-9502-173970fc5263.jpg",300,300,false],"large":["https:\/\/ft365.org\/wp-content\/uploads\/2026\/01\/4140-d8c46b92-8cfc-4d60-9502-173970fc5263.jpg",300,300,false],"1536x1536":["https:\/\/ft365.org\/wp-content\/uploads\/2026\/01\/4140-d8c46b92-8cfc-4d60-9502-173970fc5263.jpg",300,300,false],"2048x2048":["https:\/\/ft365.org\/wp-content\/uploads\/2026\/01\/4140-d8c46b92-8cfc-4d60-9502-173970fc5263.jpg",300,300,false],"morenews-featured":["https:\/\/ft365.org\/wp-content\/uploads\/2026\/01\/4140-d8c46b92-8cfc-4d60-9502-173970fc5263.jpg",300,300,false],"morenews-large":["https:\/\/ft365.org\/wp-content\/uploads\/2026\/01\/4140-d8c46b92-8cfc-4d60-9502-173970fc5263.jpg",300,300,false],"morenews-medium":["https:\/\/ft365.org\/wp-content\/uploads\/2026\/01\/4140-d8c46b92-8cfc-4d60-9502-173970fc5263.jpg",300,300,false],"crawlomatic_preview_image":["https:\/\/ft365.org\/wp-content\/uploads\/2026\/01\/4140-d8c46b92-8cfc-4d60-9502-173970fc5263-146x146.jpg",146,146,true]},"author_info":{"display_name":"henry","author_link":"https:\/\/ft365.org\/index.php\/author\/henry\/"},"category_info":"<a href=\"https:\/\/ft365.org\/index.php\/category\/uncategorized\/\" rel=\"category tag\">Uncategorized<\/a>","tag_info":"Uncategorized","comment_count":"0","_links":{"self":[{"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/posts\/4140","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/comments?post=4140"}],"version-history":[{"count":0,"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/posts\/4140\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/media\/4141"}],"wp:attachment":[{"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/media?parent=4140"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/categories?post=4140"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/tags?post=4140"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}