Hewlett Packard Enterprise (HPE) has announced security patches to address eight vulnerabilities in its StoreOnce backup solution that pose risks such as remote code execution and authentication bypass. Key among these is CVE-2025-37093, a critical flaw rated 9.8 on the CVSS scale that affects all versions before 4.3.11. The discovery is credited via the Zero Day Initiative (ZDI), and the flaw appears to stem from an improperly implemented authentication algorithm. These vulnerabilities could facilitate serious attacks, including arbitrary file deletion when combined with other flaws.
These vulnerabilities could be remotely exploited to allow remote code execution, disclosure of information, server-side request forgery, authentication bypass, arbitrary file deletion, and directory traversal information disclosure.
An attacker can leverage this vulnerability to bypass authentication on the system.
#hewlett-packard-enterprise #security-vulnerabilities #data-backup-solutions #remote-code-execution #cybersecurity