CISA Flags Microsoft Office and HPE OneView Bugs as Actively Exploited
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added two security flaws impacting Microsoft Office and Hewlett Packard Enterprise (HPE) OneView to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerabilities are listed below:
- CVE-2009-0556 (CVSS score: 8.8) - A code injection vulnerability in Microsoft Office
AI Analysis
Technical Summary
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has flagged two significant vulnerabilities as actively exploited and added them to its Known Exploited Vulnerabilities catalog.
The first, CVE-2009-0556, is a code injection vulnerability in Microsoft Office PowerPoint with a CVSS score of 8.8. It allows remote attackers to execute arbitrary code by exploiting memory corruption, potentially compromising affected systems.
The second, CVE-2025-37164, is a critical code injection vulnerability in Hewlett Packard Enterprise (HPE) OneView, rated with a CVSS score of 10.0. It allows remote, unauthenticated attackers to execute arbitrary code on all versions prior to 11.00. HPE has released hotfixes for versions 5.20 through 10 to address this flaw. A proof-of-concept exploit for CVE-2025-37164 was publicly released in late December 2025, increasing the risk of exploitation. While no confirmed exploitation in the wild has been publicly reported, the evidence of active exploitation cited by CISA and the public PoC code elevate the threat level.
The vulnerabilities impact widely deployed enterprise software used for productivity (Microsoft Office) and infrastructure management (HPE OneView). The U.S. Federal Civilian Executive Branch has been directed to patch these vulnerabilities by January 28, 2026. The scope and source of attacks remain unclear, but the potential for severe impact through remote code execution is high, making these vulnerabilities critical targets for threat actors.
Potential Impact
European organizations using Microsoft Office PowerPoint and HPE OneView are at significant risk of remote code execution attacks that could lead to full system compromise. Exploitation could result in unauthorized access to sensitive data, disruption of business operations, deployment of ransomware or other malware, and lateral movement within networks. Given the widespread use of Microsoft Office across European enterprises and the critical role of HPE OneView in managing IT infrastructure, successful exploitation could affect a broad range of sectors including finance, healthcare, government, and manufacturing. The availability of a public proof-of-concept exploit for the HPE OneView vulnerability increases the likelihood of attacks, especially by less sophisticated threat actors. The vulnerabilities do not require authentication, lowering the barrier for exploitation. This could lead to large-scale campaigns targeting European organizations, potentially causing data breaches, operational downtime, and reputational damage. The impact on confidentiality, integrity, and availability is severe, with potential cascading effects on supply chains and critical infrastructure.
Mitigation Recommendations
European organizations should immediately prioritize patching affected Microsoft Office PowerPoint installations and HPE OneView deployments with the latest vendor-provided updates, especially upgrading HPE OneView to version 11.00 or applying available hotfixes for versions 5.20 through 10. Network segmentation should be enforced to isolate critical management interfaces like HPE OneView from general network access. Implement strict access controls and monitor network traffic for unusual activity indicative of exploitation attempts, such as unexpected code execution or memory corruption behaviors. Employ endpoint detection and response (EDR) solutions capable of detecting exploitation techniques related to memory corruption and code injection. Conduct regular vulnerability scans and penetration tests to ensure no residual exposure remains. Educate IT and security teams about these specific vulnerabilities and the importance of timely patching. Consider deploying web and email filtering to reduce the risk of malicious documents exploiting the Microsoft Office vulnerability. Finally, maintain robust incident response plans to quickly contain and remediate any successful exploitation.
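The version guidance above can be turned into an inventory triage. The following is an added example, not code from the article, CISA or HPE; the host names, the inventory layout and the reading of "5.20 through 10" as covering every 10.x release are assumptions.

```python
from datetime import date

# Facts from the page: versions prior to 11.00 are affected, hotfixes cover
# 5.20 through 10, and the federal patch deadline is January 28, 2026.
FIXED = (11, 0)
HOTFIX_MIN = (5, 20)
KEV_DUE = date(2026, 1, 28)
PRIORITY = ["upgrade-required", "unknown-verify", "hotfix-or-upgrade",
            "hotfixed", "not-affected"]

# Constructed inventory (hypothetical hosts): (name, version, hotfix applied)
SAMPLE = [
    ("ov-mgmt-01", "8.60.01", False),
    ("ov-mgmt-02", "11.00", False),
    ("ov-lab-01", "5.00", False),
    ("ov-dr-01", "10.20", True),
    ("ov-old-01", "unknown", False),
]

def parse_version(text):
    """Return (major, minor) from strings such as '8.60.01' or '11.00'."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts[:2]):
        raise ValueError(f"unparseable version: {text!r}")
    return (int(parts[0]), int(parts[1]) if len(parts) > 1 else 0)

def classify(version):
    """Map a (major, minor) tuple onto the remediation the page describes."""
    if version >= FIXED:
        return "not-affected"
    # Assumption: "5.20 through 10" covers every 10.x release below 11.00.
    if version >= HOTFIX_MIN:
        return "hotfix-or-upgrade"
    return "upgrade-required"  # the page lists no hotfix below 5.20

def triage(inventory, today):
    """Return (rows sorted most urgent first, days left until KEV_DUE)."""
    rows = []
    for host, version, hotfixed in inventory:
        try:
            status = classify(parse_version(version))
        except ValueError:
            status = "unknown-verify"  # never assume an unreadable version is safe
        if status == "hotfix-or-upgrade" and hotfixed:
            status = "hotfixed"
        rows.append((host, version, status))
    rows.sort(key=lambda r: PRIORITY.index(r[2]))
    return rows, (KEV_DUE - today).days
```

Calling `triage(SAMPLE, date.today())` returns the hosts ordered by urgency together with the number of days left before the January 28, 2026 deadline.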
Affected Countries
Germany, United Kingdom, France, Netherlands, Italy, Spain, Sweden
Technical Details
- Article Source
- {"url":"https://thehackernews.com/2026/01/cisa-flags-microsoft-office-and-hpe.html","fetched":true,"fetchedAt":"2026-01-08T16:55:09.699Z","wordCount":834}
Threat ID: 695fe16f2717593a3368db7c
Added to database: 1/8/2026, 4:55:11 PM
Last enriched: 1/8/2026, 4:57:35 PM
Last updated: 1/9/2026, 8:40:23 PM