Patch Now: Active Exploitation Underway For Critical HPE OneView Vulnerability
Check Point, Thursday, January 15th, 2026
I spoke with Joshua Copeland, Director of Cybersecurity at Crescendo AI and Professor at Tulane University, about MSPs and municipalities. He's blunt: 'Municipalities aren't hit because they're interesting-they're hit because they're reachable, predictable, and unprepared.' The core remedy, he says, is simple: remove those three advantages from the attacker.
Executive Summary:
Check Point Research identified active, large-scale exploitation of CVE-2025-37164, a critical remote code execution vulnerability affecting HPE OneView.
The exploitation campaign is attributed to the RondoDox botnet and escalated rapidly to tens of thousands of automated attack attempts.
Check Point blocked tens of thousands of exploitation attempts through its security infrastructure, highlighting both the severity of the risk and the importance of layered defenses.
Check Point reported the active exploitation to CISA on January 7, 2026, and the vulnerability was added to the Known Exploited Vulnerabilities KEV catalog the same day.
Organizations running HPE OneView should patch immediately to reduce exposure to active exploitation.
Check Point customers remain protected through automatically updated Intrusion Prevention Systems IPS, which block exploitation attempts targeting this vulnerability.