
"The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added two security flaws impacting Microsoft Office and Hewlett Packard Enterprise (HPE) OneView to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerabilities are listed below - CVE-2009-0556 (CVSS score: 8.8) - A code injection vulnerability in Microsoft Office PowerPoint that allows remote attackers to execute arbitrary code by means of memory corruption"
"Details of CVE-2025-37164 emerged last month when HPE said the vulnerability impacts all versions of the software prior to version 11.00. The company also made available hotfixes for OneView versions 5.20 through 10. The scope and source of the attacks targeting the two flaws is presently unclear, and there appear to be no public reports referencing their exploitation in the wild."
CISA added two vulnerabilities to its Known Exploited Vulnerabilities catalog citing evidence of active exploitation. CVE-2009-0556 is a code injection vulnerability in Microsoft Office PowerPoint (CVSS 8.8) that allows remote attackers to execute arbitrary code via memory corruption. CVE-2025-37164 is a code injection vulnerability in HPE OneView (CVSS 10.0) that permits unauthenticated remote code execution and affects versions prior to 11.00; HPE released hotfixes for OneView 5.20 through 10. eSentire reported a public proof-of-concept for CVE-2025-37164, increasing exploitation risk. FCEB agencies are advised to apply fixes by January 28, 2026 under BOD 22-01.
Read at The Hacker News