A recent update to CISA’s KEV catalog includes a 16-year-old PowerPoint flaw and a new severe vulnerability in HPE’s OneView software. These vulnerabilities highlight ongoing risks in widely used enterprise and productivity software.
Key points
- CVE-2025-37164 is a critical remote code execution vulnerability in HPE OneView, with a CVSS score of 10.0.
- The PowerPoint vulnerability CVE-2009-0556 allows malicious files to execute arbitrary code in older versions of Microsoft PowerPoint.
- CISA added these vulnerabilities to the KEV catalog despite limited details on active exploitation methods.
- HPE has released a hotfix for affected versions of OneView, but clarification is needed on specific vulnerable versions.
- The PowerPoint flaw was first exploited in 2009 and could allow complete system control if successfully exploited.
Read More: https://thecyberexpress.com/cisa-warns-powerpoint-and-hpe-vulnerabilities/