RondoDox botnet linked to large-scale exploit of critical HPE OneView bug


A critical HPE OneView flaw is now being exploited at scale, with Check Point tying mass, automated attacks to the RondoDox botnet.

The security outfit says it has identified "large-scale exploitation" of CVE-2025-37164, a maximum-severity remote code execution bug in HPE's data center management platform. Check Point has tied the activity to RondoDox, a Linux-based botnet that weaponizes publicly known vulnerabilities across routers, DVRs, web servers, and other devices, using an "exploit-shotgun" approach to build sprawling botnets for DDoS, cryptomining, and secondary payload delivery.

When HPE first disclosed the bug in mid-December, its fix was greeted with urgency because of its perfect 10 CVSS severity score and the fact that OneView controls servers, storage, and networking from a central point – essentially a high-privilege command center inside many enterprise environments.

At that stage, the big unknown was whether miscreants were moving past proof-of-concept exploitation to full-blown campaigns. Now that ...


Copyright of this story solely belongs to theregister.co.uk.