HPE Releases Urgent Security Patch for Remote Authentication Bypass Vulnerability in StoreOnce

Hewlett Packard Enterprise (HPE) has issued important security updates to fix multiple vulnerabilities in its StoreOnce data backup and deduplication system. These vulnerabilities could potentially allow attackers to execute remote code, gain unauthorized access, and conduct other harmful actions.

HPE identified eight vulnerabilities. One of them, tracked as CVE-2025-37093, is critical, with a CVSS score of 9.8. This flaw enables an authentication bypass and affects all versions prior to 4.3.11. HPE was made aware of these vulnerabilities on October 31, 2024.

The Zero Day Initiative, which credited an anonymous researcher for the discovery, pointed out that this vulnerability arises from an improper implementation of an authentication algorithm in the machineAccountCheck method. Exploiting it could permit remote attackers to bypass authentication on affected installations. Furthermore, it could be combined with other vulnerabilities for broader exploits, which may include code execution, information exposure, and arbitrary file deletions.

The complete list of vulnerabilities includes:

  • CVE-2025-37089: Remote Code Execution
  • CVE-2025-37090: Server-Side Request Forgery
  • CVE-2025-37091: Remote Code Execution
  • CVE-2025-37092: Remote Code Execution
  • CVE-2025-37093: Authentication Bypass
  • CVE-2025-37094: Directory Traversal Arbitrary File Deletion
  • CVE-2025-37095: Directory Traversal Information Disclosure
  • CVE-2025-37096: Remote Code Execution

HPE also released patches addressing several critical vulnerabilities in its other products, including the HPE Telco Service Orchestrator, which has a serious flaw that also carries a CVSS score of 9.8.

Users are strongly advised to apply the latest security updates to safeguard their systems against potential exploitation. While no active attacks have been reported, the vulnerabilities pose significant security risks that must be mitigated promptly.

