CISA flags actively exploited Office relic alongside fresh HPE flaw

Summary

CISA has added two vulnerabilities to its Known Exploited Vulnerabilities catalogue: CVE-2025-37164, a maximum-severity (CVSS 10.0) code‑injection remote code execution flaw in HPE OneView, and CVE-2009-0556, a long-standing PowerPoint code‑injection bug (CVSS 8.8). The OneView issue has a public proof‑of‑concept and is now listed as being actively exploited; the PowerPoint bug shows that ancient, unpatched Office installs remain a live attack vector.

Key Points

  • CISA added CVE-2025-37164 (HPE OneView RCE) and CVE-2009-0556 (PowerPoint code injection) to the actively exploited list.
  • CVE-2025-37164 scores 10.0 and can allow attackers to inject and execute arbitrary code via OneView management software.
  • A Rapid7 proof‑of‑concept and vendor advisories lowered the barrier for attackers; security firms warned that exposed OneView instances should be treated as an assumed‑breach scenario.
  • The PowerPoint bug was patched in 2009 (MS09-017) but remains effective against unpatched or unsupported systems still in use.
  • Organisations should patch OneView, isolate management consoles, harden legacy Office endpoints, and monitor for unusual activity.

Content Summary

HPE disclosed the OneView flaw in December 2025; while HPE has not publicly detailed how widespread exploitation is, CISA’s KEV listing indicates attackers are now using it in the wild. Security vendors highlighted that public PoC code makes exploitation easier. The PowerPoint vulnerability demonstrates that even decade‑old bugs can remain dangerous when systems aren’t maintained or supported. The two issues together underscore attackers’ willingness to exploit both fresh high‑impact enterprise bugs and dusty legacy weaknesses.

Context and Relevance

OneView is a centralised management console for servers, storage and networking — compromising it can yield broad, high‑value access across datacentre environments. At the same time, legacy Office installs are ubiquitous in many organisations and can provide easy footholds. This story sits at the intersection of two ongoing trends: attackers rapidly weaponising public PoCs against enterprise infrastructure, and continued exploitation of long‑neglected, unpatched software.

Why should I read this?

Short: because this could be your management plane or someone’s dusty PowerPoint that lets attackers in. If you run HPE OneView, treat the issue as urgent. If you still have ancient Office on any machines, tidy it up or isolate it. Read this so you know what to patch, where to look in logs, and why ‘too old to care’ is a very bad stance.

Author style

Punchy — this isn’t just another patch note. The OneView RCE is an urgent operational risk and the PowerPoint relic is a reminder that age doesn’t equal safety. If you’re responsible for infrastructure or endpoint security, this warrants immediate attention.

Source

Source: https://go.theregister.com/feed/www.theregister.com/2026/01/08/cisa_oneview_powerpoint_bugs/