HPE has released a security bulletin addressing eight vulnerabilities in its StoreOnce backup and deduplication software. Notably, a critical authentication bypass vulnerability (CVE-2025-37093) has a CVSS score of 9.8, making it a top risk. Discovered by the Zero Day Initiative, this flaw facilitates exploitation of other vulnerabilities, including remote code execution and directory traversal issues. The vulnerabilities affect all versions prior to v4.3.11, making an upgrade essential for users relying on platforms integrated with HPE Data Protector and other backup services. HPE has not provided workaround solutions for these vulnerabilities.
HPE has issued a security bulletin for eight vulnerabilities in StoreOnce, with a critical authentication issue scoring 9.8, potentially allowing severe exploitation.
The key vulnerability, an authentication bypass with a CVSS score of 9.8, allows attackers to exploit other eight vulnerabilities, posing significant risks.
Collection
[
|
...
]