CISA Flags Microsoft Office and HPE OneView Bugs as Actively Exploited

  • Jan 8
  • 2 min read

Key Findings:

  • CISA has added two security vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog:

      • CVE-2009-0556: A code injection flaw in Microsoft Office PowerPoint that allows remote code execution

      • CVE-2025-37164: A code injection vulnerability in HPE OneView that allows remote unauthenticated code execution


Background


  • CVE-2009-0556 is a memory corruption vulnerability in legacy Microsoft PowerPoint that was exploited in the wild in April 2009. It affects PowerPoint 2000/2002/2003 and Office 2004 for Mac.

  • CVE-2025-37164 is a maximum-severity vulnerability (CVSS score of 10.0) in HPE OneView, an IT management and automation platform. The flaw allows remote unauthenticated code execution and impacts all versions prior to 11.0.


CVE-2009-0556: Microsoft Office PowerPoint Flaw


  • The vulnerability is triggered by an invalid index in the OutlineTextRefAtom, leading to improper memory handling when a malicious PowerPoint file is opened.

  • It was exploited in the wild in April 2009 via malware detected as Exploit:Win32/Apptom.gen; successful exploitation gives the attacker the privileges of the user who opened the file.


CVE-2025-37164: HPE OneView Vulnerability


  • Hewlett Packard Enterprise (HPE) disclosed the vulnerability in December 2025, noting that it impacts all versions of the OneView software prior to version 11.00.

  • HPE has released hotfixes for OneView versions 5.20 through 10 to address the flaw.

  • According to a report from eSentire, a detailed proof-of-concept (PoC) exploit for CVE-2025-37164 was released in December 2025, significantly increasing the risk to affected organizations.


CISA Guidance


  • Pursuant to Binding Operational Directive (BOD) 22-01, Federal Civilian Executive Branch (FCEB) agencies are required to apply the necessary fixes by January 28, 2026, to secure their networks against active threats.

  • CISA recommends that private organizations also review the KEV catalog and address the identified vulnerabilities in their infrastructure.
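The guidance above amounts to a recurring triage task: match the KEV catalog against what an organization actually runs, decide which assets are affected, and track the BOD 22-01 due date. The script below is an added example (not code from CISA, HPE, Microsoft or this blog) of that workflow. The JSON fragment mirrors the field names of CISA's public KEV feed but is constructed here from the advisory's own dates; the inventory, the hostnames and the version rules (OneView affected below 11.00, hotfixes for 5.20 through 10, legacy PowerPoint releases) are assumptions derived from the statements in this post.

```python
"""Match a KEV feed against an asset inventory and report remediation deadlines.

Added example, not part of the advisory. KEV_FEED_JSON is a constructed fragment
using the CISA KEV feed's field names; INVENTORY and the version rules are
assumptions built from the advisory text above.
"""
import json
from datetime import date

# Constructed KEV-style fragment; dates follow the advisory (added Jan 8, due Jan 28, 2026).
KEV_FEED_JSON = """{
  "vulnerabilities": [
    {"cveID": "CVE-2009-0556", "vendorProject": "Microsoft", "product": "Office PowerPoint",
     "dateAdded": "2026-01-08", "dueDate": "2026-01-28"},
    {"cveID": "CVE-2025-37164", "vendorProject": "HPE", "product": "OneView",
     "dateAdded": "2026-01-08", "dueDate": "2026-01-28"}
  ]
}"""

# Constructed inventory: (hostname, product, version string). Hostnames are made up.
INVENTORY = [
    ("ov-mgmt-01", "OneView", "8.90"),
    ("ov-mgmt-02", "OneView", "11.00"),
    ("ov-lab-03", "OneView", "4.10"),
    ("ws-finance-07", "Office PowerPoint", "2003"),
    ("ws-finance-08", "Office PowerPoint", "2016"),
]


def parse_version(text):
    """'8.90' -> (8, 90); parsing stops at the first non-numeric component."""
    parts = []
    for piece in text.split("."):
        if not piece.isdigit():
            break
        parts.append(int(piece))
    return tuple(parts)


def oneview_affected(version):
    """Per HPE, every OneView release prior to 11.00 is affected."""
    return parse_version(version) < (11, 0)


def oneview_hotfix_available(version):
    """Hotfixes exist for 5.20 through 10.x; older trains have no hotfix listed."""
    v = parse_version(version)
    return (5, 20) <= v and v[0] <= 10


# Releases the advisory names for CVE-2009-0556 (Office 2004 for Mac inventoried as "2004").
LEGACY_POWERPOINT = {"2000", "2002", "2003", "2004"}

# Inventory product -> (KEV entry it maps to, predicate deciding whether a version is affected).
RULES = {
    "OneView": ("CVE-2025-37164", oneview_affected),
    "Office PowerPoint": ("CVE-2009-0556", lambda v: v in LEGACY_POWERPOINT),
}


def load_kev(feed_json):
    """Index KEV entries by CVE id."""
    feed = json.loads(feed_json)
    return {entry["cveID"]: entry for entry in feed["vulnerabilities"]}


def triage(kev, inventory, today_iso):
    """Return one finding per affected asset with its BOD 22-01 due-date status."""
    today = date.fromisoformat(today_iso)
    findings = []
    for host, product, version in inventory:
        rule = RULES.get(product)
        if rule is None:
            continue
        cve, is_affected = rule
        if cve not in kev or not is_affected(version):
            continue
        due = date.fromisoformat(kev[cve]["dueDate"])
        days_left = (due - today).days
        remediation = "patch per vendor instructions"
        if product == "OneView":
            remediation = ("apply HPE hotfix" if oneview_hotfix_available(version)
                           else "no hotfix listed; upgrade to 11.00")
        findings.append({
            "host": host, "cve": cve, "version": version,
            "due": due.isoformat(), "days_left": days_left,
            "status": "overdue" if days_left < 0 else "open",
            "remediation": remediation,
        })
    # Most urgent first; ties keep inventory order.
    return sorted(findings, key=lambda f: f["days_left"])


if __name__ == "__main__":
    for f in triage(load_kev(KEV_FEED_JSON), INVENTORY, "2026-01-08"):
        print(f"{f['host']:14} {f['cve']:15} v{f['version']:6} due {f['due']} "
              f"({f['days_left']:+d} d, {f['status']}) -> {f['remediation']}")
```

In practice the feed would be fetched from CISA rather than embedded, and the inventory would come from a CMDB or scanner export; the value of keeping the affected-version rule per product is that a "prior to 11.00" statement from a vendor becomes a testable predicate instead of a note someone has to re-read.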


Sources


  • https://thehackernews.com/2026/01/cisa-flags-microsoft-office-and-hpe.html

  • https://securityaffairs.com/186672/security/u-s-cisa-adds-hpe-oneview-and-microsoft-office-powerpoint-flaws-to-its-known-exploited-vulnerabilities-catalog.html

  • https://x.com/TheCyberSecHub/status/2009139806253797733

  • https://www.reddit.com/r/SecOpsDaily/comments/1q740oi/cisa_flags_microsoft_office_and_hpe_oneview_bugs/

  • https://www.msn.com/en-us/news/technology/cisa-flags-actively-exploited-office-relic-alongside-fresh-hpe-flaw/ar-AA1TOycp

  • https://community.opentextcybersecurity.com/vulnerability-vault-228/cisa-flags-microsoft-office-and-hpe-oneview-bugs-as-actively-exploited-363105

© 2025 by Explain IT Again. Powered and secured by Wix