---
title: "CISA Warns of Two Actively Exploited Vulnerabilities—Patch Now"
short_title: "CISA adds two critical exploited vulnerabilities"
description: "CISA has added CVE-2009-0556 and CVE-2025-37164 to its KEV Catalog due to active exploitation. Learn mitigation steps and protect your systems."
author: "Vitus"
date: 2025-01-24
categories: [Cybersecurity, Vulnerabilities]
tags: [cisa, cve-2009-0556, cve-2025-37164, vulnerability-management, threat-intelligence]
score: 0.85
cve_ids: [CVE-2009-0556, CVE-2025-37164]
---
TL;DR
CISA has added two vulnerabilities, CVE-2009-0556 (Microsoft Office PowerPoint) and CVE-2025-37164 (HPE OneView), to its Known Exploited Vulnerabilities (KEV) Catalog based on evidence of active exploitation. Federal civilian agencies must remediate them by the due dates in the catalog under BOD 22-01; every other organization should treat them with the same urgency, because the actors exploiting them do not check who owns the target.
---
Main Content
The Cybersecurity and Infrastructure Security Agency (CISA) has added two vulnerabilities to its [Known Exploited Vulnerabilities (KEV) Catalog](https://www.cisa.gov/known-exploited-vulnerabilities-catalog). One is a 2009 flaw in PowerPoint, the other a 2025 flaw in HPE OneView; what they have in common is that CISA has evidence both are being exploited by malicious cyber actors. Federal agencies are bound to remediate on a deadline, but the exposure is the same for any organization that still runs the affected software.
Key Points
- CISA has added CVE-2009-0556 (Microsoft Office PowerPoint Code Injection Vulnerability) and CVE-2025-37164 (HPE OneView Code Injection Vulnerability) to the KEV Catalog.
- Both are being exploited in the wild, which is CISA's criterion for inclusion in the catalog and the reason they should jump the remediation queue ahead of vulnerabilities with higher scores but no known exploitation.
- Federal Civilian Executive Branch (FCEB) agencies are required to remediate these vulnerabilities by the due dates listed in the catalog under Binding Operational Directive (BOD) 22-01.[^4]
- CISA urges all organizations, not just federal agencies, to prioritize patching these vulnerabilities to reduce their exposure to cyberattacks.
---
Technical Details
#### CVE-2009-0556: Microsoft Office PowerPoint Code Injection Vulnerability
This vulnerability affects legacy versions of Microsoft Office PowerPoint (the releases current in 2009, fixed by Microsoft in security bulletin MS09-017) and allows an attacker to execute arbitrary code by convincing a user to open a specially crafted PowerPoint file. The code runs with the privileges of the user who opened the file, so a victim with administrative rights hands over the whole machine. Despite its age, the vulnerability remains a viable attack vector wherever unpatched or out-of-support Office installations survive, typically on isolated or forgotten systems that never received the 2009 update.
#### CVE-2025-37164: HPE OneView Code Injection Vulnerability
This vulnerability impacts HPE OneView, an infrastructure management platform used for monitoring and automating data center operations. The flaw allows an attacker to inject code that the OneView appliance then executes, which can lead to unauthorized access to the appliance, exposure of the data it holds, and a foothold from which to pivot to the servers, storage and network hardware it manages. Because OneView sits at the management layer of the data center, compromise of the appliance is effectively compromise of the infrastructure behind it.
---
Impact Assessment
The inclusion of these vulnerabilities in CISA’s KEV Catalog underscores their high-risk nature and the urgency of remediation. Here’s why these vulnerabilities are particularly concerning:
1. Active Exploitation: Both vulnerabilities are being actively exploited by threat actors, increasing the likelihood of successful attacks against unpatched systems.
2. Federal Mandate: Under BOD 22-01, federal agencies must remediate each vulnerability by the due date recorded in its catalog entry, a deadline CISA sets only for flaws it considers critical enough to warrant one.
3. Broader Organizational Risk: While BOD 22-01 applies only to federal agencies, all organizations are potential targets. Cybercriminals routinely exploit known vulnerabilities to gain initial access, move laterally, and deploy ransomware or steal sensitive data.
4. Legacy and Modern Systems at Risk: The inclusion of CVE-2009-0556 demonstrates that a vulnerability old enough to be forgotten still works against a system that was never patched. CVE-2025-37164, by contrast, sits in a current infrastructure management tool, so a single exploited appliance can expose everything it administers.
---
Mitigation Steps
To protect against these vulnerabilities, organizations should take the following steps:
1. Apply Patches Immediately:
- For CVE-2009-0556, confirm that no PowerPoint installation predating MS09-017 remains in the environment. Currently supported Office releases already contain the fix; any PowerPoint from the 2000 to 2003 generation (or the Mac Office releases of the same era) that turns up should be retired rather than patched, since those products are long out of support.
- For CVE-2025-37164, apply the fixed HPE OneView release identified in Hewlett Packard Enterprise's security bulletin for this CVE. If the appliance cannot be upgraded on schedule, treat the compensating controls below as mandatory rather than optional.
2. Prioritize KEV Catalog Vulnerabilities:
- Regularly monitor CISA’s [KEV Catalog](https://www.cisa.gov/known-exploited-vulnerabilities-catalog) and prioritize remediation of listed vulnerabilities.
3. Implement Compensating Controls:
- If patching is not immediately possible, limit exposure: restrict the OneView management interface to a dedicated management network reachable only from hardened administrator workstations, block legacy binary PowerPoint attachments at the mail gateway, and put intrusion detection on both paths so an attempt is at least visible.
4. Educate Employees:
- Train staff to recognize phishing attempts and malicious attachments, as these are common vectors for exploiting vulnerabilities like CVE-2009-0556.
5. Conduct Vulnerability Scans:
- Use vulnerability scanning tools to identify unpatched systems and prioritize remediation efforts.
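The five steps above amount to one recurring procedure: pull the KEV feed, match it against what your scanner found, and work the matches in due-date order. The following script is an added example for this article, not code from CISA, Microsoft or HPE. It reads a feed in the layout CISA publishes (a `vulnerabilities` list whose entries carry `cveID`, `vendorProject`, `product`, `dateAdded`, `dueDate`, `requiredAction` and `knownRansomwareCampaignUse`), but the feed excerpt, the inventory, the host names and the dates embedded below are constructed samples and placeholders, not values copied from the catalog; `CVE-0000-0000` is a deliberately invalid stand-in for a scanner finding that is not in the KEV list.

```python
"""Cross-reference an asset inventory against the CISA KEV feed.

Added example, not CISA/Microsoft/HPE code. The record layout follows
CISA's published JSON feed; entries, hosts and dates are constructed
samples and placeholders, not values copied from the catalog.
"""
import json
from datetime import date
from typing import Any, Dict, List

# Constructed sample of the KEV JSON feed (CISA's schema, placeholder dates).
SAMPLE_KEV_JSON = """
{
  "title": "CISA Catalog of Known Exploited Vulnerabilities",
  "vulnerabilities": [
    {
      "cveID": "CVE-2009-0556",
      "vendorProject": "Microsoft",
      "product": "Office PowerPoint",
      "vulnerabilityName": "Microsoft Office PowerPoint Code Injection Vulnerability",
      "dateAdded": "2026-01-07",
      "requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
      "dueDate": "2026-07-07",
      "knownRansomwareCampaignUse": "Unknown"
    },
    {
      "cveID": "CVE-2025-37164",
      "vendorProject": "Hewlett Packard Enterprise (HPE)",
      "product": "OneView",
      "vulnerabilityName": "HPE OneView Code Injection Vulnerability",
      "dateAdded": "2026-01-07",
      "requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
      "dueDate": "2026-01-28",
      "knownRansomwareCampaignUse": "Unknown"
    }
  ]
}
"""

# Constructed scanner output: host names are made up; CVE-0000-0000 is an
# intentionally invalid placeholder for a finding that is not in the KEV list.
SAMPLE_INVENTORY = [
    {"host": "train-room-pc-07", "cves": ["CVE-2009-0556"]},
    {"host": "oneview-mgmt-01", "cves": ["CVE-2025-37164", "CVE-0000-0000"]},
    {"host": "web-proxy-02", "cves": []},
]


def load_kev(feed_json: str) -> Dict[str, Dict[str, Any]]:
    """Index the KEV feed by CVE ID so inventory lookups are O(1)."""
    feed = json.loads(feed_json)
    return {entry["cveID"]: entry for entry in feed["vulnerabilities"]}


def triage(inventory: List[Dict[str, Any]], kev: Dict[str, Dict[str, Any]],
           today: date, fceb: bool = False) -> List[Dict[str, Any]]:
    """Return every inventory finding present in the KEV catalog, most
    urgent first (overdue, then soonest due; ransomware-linked on ties)."""
    hits: List[Dict[str, Any]] = []
    for asset in inventory:
        for cve in asset["cves"]:
            entry = kev.get(cve)
            if entry is None:
                continue  # a real finding, but no evidence of exploitation
            due = date.fromisoformat(entry["dueDate"])
            days_left = (due - today).days
            hits.append({
                "host": asset["host"],
                "cve": cve,
                "product": f'{entry["vendorProject"]} {entry["product"]}',
                "due": entry["dueDate"],
                "days_left": days_left,
                "overdue": days_left < 0,
                "ransomware": entry.get("knownRansomwareCampaignUse") == "Known",
                "status": "mandatory (BOD 22-01)" if fceb else "recommended",
                "action": entry["requiredAction"],
            })
    hits.sort(key=lambda h: (h["days_left"], not h["ransomware"]))
    return hits


def report(hits: List[Dict[str, Any]]) -> str:
    """Render one line per finding, suitable for a ticket or daily digest."""
    lines = []
    for h in hits:
        flag = "OVERDUE" if h["overdue"] else f'{h["days_left"]}d left'
        lines.append(f'{h["host"]:<18} {h["cve"]:<15} due {h["due"]} ({flag}) '
                     f'{h["product"]} [{h["status"]}]')
    return "\n".join(lines)


if __name__ == "__main__":
    kev_index = load_kev(SAMPLE_KEV_JSON)
    print(report(triage(SAMPLE_INVENTORY, kev_index,
                        today=date(2026, 1, 14), fceb=True)))
```

Run it against the real feed by replacing `SAMPLE_KEV_JSON` with the downloaded catalog and `SAMPLE_INVENTORY` with your scanner's export; the `fceb` flag only changes the label, because the ordering that matters (what is overdue, what is due next) is the same for everyone.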
---
Conclusion
CISA’s addition of CVE-2009-0556 and CVE-2025-37164 to its KEV Catalog serves as a stark reminder of the persistent threats posed by known vulnerabilities. While federal agencies are required to act, all organizations must treat these vulnerabilities as high-priority risks. Timely patching, proactive vulnerability management, and robust cybersecurity practices are essential to mitigating the risk of exploitation and protecting critical systems from cyber threats.
For more details, refer to CISA's official alert [here](https://www.cisa.gov/news-events/alerts/2026/01/07/cisa-adds-two-known-exploited-vulnerabilities-catalog).[^1]
---
References
[^1]: CISA. "[CISA Adds Two Known Exploited Vulnerabilities to Catalog](https://www.cisa.gov/news-events/alerts/2026/01/07/cisa-adds-two-known-exploited-vulnerabilities-catalog)". Retrieved 2025-01-24.
[^2]: CVE Program. "[CVE-2009-0556 Record](https://www.cve.org/CVERecord?id=CVE-2009-0556)". Retrieved 2025-01-24.
[^3]: CVE Program. "[CVE-2025-37164 Record](https://www.cve.org/CVERecord?id=CVE-2025-37164)". Retrieved 2025-01-24.
[^4]: CISA. "[Binding Operational Directive 22-01](https://www.cisa.gov/binding-operational-directive-22-01)". Retrieved 2025-01-24.