The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently added two vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. The addition is meant to emphasize the growing urgency for all organizations to address these security threats. CVE-2009-0556 is a critical vulnerability affecting all versions of Microsoft Office PowerPoint, while CVE-2025-37164 puts the large number of organizations that run HPE OneView at risk.
CVE-2009-0556 is a code injection vulnerability with a CVSS score of 8.8 and a severity rating of Important; Microsoft reports that the vulnerability can be exploited without user interaction and that it is rated Critical. CVE-2025-37164 carries a critical CVSS score of 10.0. It is a remote command-injection vulnerability that allows remote, unauthenticated users to run arbitrary code on HPE OneView, and it affects all versions of HPE OneView prior to version 11.00.
Active Exploitation of Vulnerabilities
CISA has provided information showing that both CVE-2009-0556 and CVE-2025-37164 are currently under active exploitation in the wild. The scope and origin of these attacks are still unknown. It is worth mentioning that there are no public reports I can find indicating active exploitation of either vulnerability right now.
HPE has mitigated these critical vulnerabilities by providing hotfixes for OneView versions 5.20, 6, 7, 8, 9 and 10. Users are strongly encouraged to update their systems as soon as possible. CISA has advised Federal Civilian Executive Branch (FCEB) agencies to implement the necessary fixes by January 28, 2026, to mitigate potential risks.
“Public availability of PoC exploit code significantly increases the risk to organizations running affected versions of the application.” – eSentire
Implications for Organizations
The implications of these vulnerabilities are significant. Any organization that relies on Microsoft Office PowerPoint should be on high alert. The vulnerability CVE-2009-0556 would allow attackers to install malware and gain control of systems, potentially compromising sensitive information. In much the same way, CVE-2025-37164 represents a grave danger for anyone running outdated versions of HPE OneView, putting entire networks at risk.
On December 23, 2025, eSentire published an extensive PoC and provided a detailed walkthrough of CVE-2025-37164. This release definitely represents a big step in the wrong direction. Now that this exploit is publicly available, organizations need to move fast to protect their systems before they can be attacked.
Recommendations for Mitigation
To safeguard against these vulnerabilities, we strongly recommend that organizations deploy the vendor-supplied hotfixes where needed and apply critical updates without delay. Applying the most recent patches now, and on a regular basis, will protect you from the dangers presented by these vulnerabilities and defend you against future exploitation.
Both Microsoft and HPE have emphasized the importance of maintaining updated software versions to ensure maximum protection against emerging threats. Organizations must be proactive in their cybersecurity efforts and remain cognizant of vulnerabilities that could affect their systems.