What's Happening?
A significant cybersecurity threat has emerged as the RondoDox botnet targets a critical vulnerability in HPE OneView, an IT infrastructure management platform. According to Check Point Research, this Linux-based botnet has escalated from initial probing to large-scale automated attacks, exploiting the vulnerability identified as CVE-2025-37164. This vulnerability, which was first published in December 2025, has been given a critical CVSS score of 10 by HPE. The botnet's activity has been intense, with over 40,000 attack attempts recorded in a single day in January 2026. The vulnerability allows attackers to execute remote code on affected systems without authentication, posing a severe risk to organizations using HPE OneView. Check Point has reported the campaign to the Cybersecurity and Infrastructure Security Agency (CISA), and the vulnerability has been added to the Known Exploited Vulnerabilities catalog.
Why It's Important?
The exploitation of this vulnerability by the RondoDox botnet highlights a critical security risk for organizations relying on HPE OneView for managing their IT infrastructure. The ability of attackers to execute remote code without authentication could lead to significant data breaches, operational disruptions, and financial losses. This situation underscores the importance of timely patching and implementing compensating controls to protect against such threats. The inclusion of this vulnerability in CISA's catalog emphasizes the urgency for organizations to act swiftly to mitigate potential damages. The widespread use of HPE OneView across various sectors means that a broad range of industries could be affected, potentially impacting national security and economic stability.
What's Next?
Organizations using HPE OneView are advised to apply patches immediately and ensure that compensating controls are in place to protect against this vulnerability. As the RondoDox botnet continues to exploit high-profile vulnerabilities, cybersecurity teams must remain vigilant and proactive in their defense strategies. The ongoing threat may prompt further actions from cybersecurity agencies and industry leaders to enhance protective measures and share intelligence on emerging threats. Additionally, there may be increased scrutiny on IT infrastructure management platforms to ensure they are secure against such vulnerabilities.









