HPE has released a security bulletin addressing eight vulnerabilities in its StoreOnce backup system, including a critical authentication bypass (CVE-2025-37093). Upgrading to version 4.3.11 is essential to mitigate these risks, especially for organizations handling large-scale data.
Key points
- HPE fixed eight vulnerabilities affecting all versions of StoreOnce software prior to v4.3.11.
- The most severe flaw (CVE-2025-37093) is an authentication bypass with a CVSS score of 9.8.
- Other vulnerabilities include remote code execution, directory traversal, and server-side request forgery.
- Exploitation of these flaws may allow remote attackers to compromise affected systems or access sensitive data.
- HPE recommends upgrading to version 4.3.11 immediately, as no workarounds or mitigations are provided.