- HPE PATCHS Eight defects in the Storeonce platform
- Among the faults, a bridging of critical gravity authentication
- There is no bypass and users are invited to repair
Hewlett Packard Enterprise (HPE) has revealed fixes for a number of dangerous defects affecting its backup and data recovery solution, Storeonce, including a critical severity bug that allows threat actors to access the vulnerable system without user interaction.
The bug is followed as CVE-2025-37093 and is described as a defect in authentication of authentication resulting from poor authentication manipulation. It has a 9.8 / 10 (critical) severity score and could potentially be abused to compromise the integrity of the system, allow threat actors to access sensitive data and cause different disruptions and availability problems.
Crooks could use it to deploy ransomware, steal sensitive data or move laterally throughout the target network.
Eight corrected defects
In the HPE council, the company said that all versions prior to 4.3.11 were vulnerable and urged users to update their software as soon as possible.
There are no other attenuations or bypass solutions, so if you cannot update your instance immediately, it would be better to delete the product as long as you can correct it.
The problems would have been discovered seven months ago, but apparently, no one has abused it in nature so far.
In total, HPE has repaired eight faults this time. Although the bypass of authentication is the most serious, the others are also potentially dangerous.
Here is a list of the other seven HPE faults fixed in version 4.3.11:
CVE-2025-37089-Execution of the remote code
CVE-2025-37090-Operation of the server side request
CVE-2025-37091-Execution of the remote code
CVE-2025-37092-Execution of the remote code
CVE-2025-37094-Deletion of arbitrary crossing files of the directory
CVE-2025-37095-Disclosure of crossing information from the repertoire
CVE-2025-37096-Execution of the remote code
Hpe Storeonce is a disk backup and recovery system that uses data deduplication to reduce storage needs. It is generally used by companies, government agencies and medium -sized companies with complex IT environments.
Storeonce supports integration with other backup and business software, such as HPE Data Protector, Veeam, Veritas Netbackup, Commvault and Microsoft Data Protection Manager. It also connects to cloud storage via Cloud HPE banking storage.
Via Bleeping Compompute
