CISA Flags Microsoft Office and HPE OneView Bugs as Actively Exploited

  • Jan 8

Key Findings:

  • CISA has added two security vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog:

    • CVE-2009-0556: A code injection flaw in Microsoft Office PowerPoint that allows remote code execution

    • CVE-2025-37164: A code injection vulnerability in HPE OneView that allows remote unauthenticated code execution

Background

  • CVE-2009-0556 is a memory corruption vulnerability in legacy Microsoft PowerPoint that was exploited in the wild in April 2009. It affects PowerPoint 2000/2002/2003 and Office 2004 for Mac.

  • CVE-2025-37164 is a maximum-severity vulnerability (CVSS score of 10.0) in HPE OneView, an IT management and automation platform. The flaw allows remote unauthenticated code execution and impacts all versions prior to 11.0.


CVE-2009-0556: Microsoft Office PowerPoint Flaw

  • The vulnerability is triggered by an invalid index in the OutlineTextRefAtom, leading to improper memory handling when a malicious PowerPoint file is opened.

  • It was exploited in the wild in April 2009 by the Exploit:Win32/Apptom.gen malware, enabling full compromise with the privileges of the user who opened the file.

CVE-2025-37164: HPE OneView Vulnerability

  • Hewlett Packard Enterprise (HPE) disclosed the vulnerability in December 2025, noting that it impacts all versions of the OneView software prior to version 11.00.

  • HPE has made available hotfixes for OneView versions 5.20 through 10 to address the flaw.

  • According to a report from eSentire, a detailed proof-of-concept (PoC) exploit for CVE-2025-37164 was released in December 2025, significantly increasing the risk to affected organizations.


CISA Guidance

  • Pursuant to Binding Operational Directive (BOD) 22-01, Federal Civilian Executive Branch (FCEB) agencies are required to apply the necessary fixes by January 28, 2026, to secure their networks against active threats.

  • CISA recommends that private organizations also review the KEV catalog and address the identified vulnerabilities in their infrastructure.
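A triage helper, added here as an example and not code from CISA, HPE or the article: it parses a constructed KEV-style JSON snippet, classifies an installed OneView or PowerPoint version against the affected and hotfix ranges stated in the sections above, and reports the days remaining until the BOD 22-01 due date. The KEV field names match CISA's public feed; the CLASSIFIERS mapping and the (cveID, version) inventory format are assumptions of this example.

```python
import json
from datetime import date

# Constructed sample in the shape of CISA's public KEV JSON feed (same field
# names; values taken from the post above, not from the live catalog).
KEV_SAMPLE = json.dumps({"vulnerabilities": [
    {"cveID": "CVE-2009-0556", "vendorProject": "Microsoft",
     "product": "Office PowerPoint", "dueDate": "2026-01-28"},
    {"cveID": "CVE-2025-37164", "vendorProject": "Hewlett Packard Enterprise",
     "product": "OneView", "dueDate": "2026-01-28"},
]})

def load_kev(raw):
    """Index a KEV-style JSON document by CVE id."""
    return {v["cveID"]: v for v in json.loads(raw)["vulnerabilities"]}

def parse_version(text):
    """'5.20' -> (5, 20). OneView uses two-digit minors, so '10.00' < '11.00'."""
    return tuple(int(p) for p in text.split("."))

def oneview_status(version):
    """Classify a OneView release against CVE-2025-37164 as the post states:
    fixed in 11.00, hotfix for 5.20 through 10.x, older releases must upgrade."""
    v = parse_version(version)
    if v >= (11, 0):
        return "not affected"
    if v >= (5, 20):
        return "affected: apply HPE hotfix"
    return "affected: no hotfix listed, upgrade required"

def powerpoint_status(version):
    """CVE-2009-0556 affects PowerPoint 2000/2002/2003 and Office 2004 for Mac."""
    affected = {"2000", "2002", "2003", "2004 for Mac"}
    return "affected: retire or patch" if version in affected else "not in stated affected set"

# Hypothetical mapping from KEV entry to the classifier for its product.
CLASSIFIERS = {"CVE-2025-37164": oneview_status, "CVE-2009-0556": powerpoint_status}

def triage(raw_kev, inventory, today_iso):
    """inventory: (cveID, installed version) pairs from your asset data.
    Returns (cveID, version, status, days_until_due) rows; negative = overdue."""
    kev, today, rows = load_kev(raw_kev), date.fromisoformat(today_iso), []
    for cve, version in inventory:
        entry = kev.get(cve)
        if entry is None:
            continue  # not (yet) in the catalog
        status = CLASSIFIERS.get(cve, lambda _v: "in KEV: follow vendor advisory")(version)
        rows.append((cve, version, status, (date.fromisoformat(entry["dueDate"]) - today).days))
    return rows
```

Call `triage(KEV_SAMPLE, [("CVE-2025-37164", "10.00"), ("CVE-2009-0556", "2003")], "2026-01-08")` to see both entries flagged with 20 days left; point `load_kev` at the downloaded feed to run it against the real catalog.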


Sources

  • https://thehackernews.com/2026/01/cisa-flags-microsoft-office-and-hpe.html

  • https://securityaffairs.com/186672/security/u-s-cisa-adds-hpe-oneview-and-microsoft-office-powerpoint-flaws-to-its-known-exploited-vulnerabilities-catalog.html

  • https://x.com/TheCyberSecHub/status/2009139806253797733

  • https://www.reddit.com/r/SecOpsDaily/comments/1q740oi/cisa_flags_microsoft_office_and_hpe_oneview_bugs/

  • https://www.msn.com/en-us/news/technology/cisa-flags-actively-exploited-office-relic-alongside-fresh-hpe-flaw/ar-AA1TOycp

  • https://community.opentextcybersecurity.com/vulnerability-vault-228/cisa-flags-microsoft-office-and-hpe-oneview-bugs-as-actively-exploited-363105

© 2025 by Explain IT Again