Hewlett Packard Enterprise Warns of Critical StoreOnce Auth Bypass

Hewlett Packard Enterprise warns of critical StoreOnce auth bypass

Hewlett Packard Enterprise (HPE) has issued a security bulletin to warn about eight vulnerabilities impacting StoreOnce, its disk-based backup and deduplication solution.

CVE-2025-37093: HPE Fixes Critical RCE Vulnerability in StoreOnce

On June 2, 2025, Hewlett Packard Enterprise (HPE) released fixes for multiple vulnerabilities affecting HPE StoreOnce VSA, an enterprise backup storage solution. The most severe of these was CVE-2025-37093, a critical authentication bypass vulnerability discovered by the Zero Day Initiative (ZDI). The flaw resides in the implementation of the machineAccountCheck method and stems from improper … CVE-2025-37093: HPE Fixes Critical RCE Vulnerabilit…

Critical CVE-2025-37093 Hits HPE StoreOnce Systems

Hewlett Packard Enterprise (HPE) has issued a new security advisory addressing eight newly discovered vulnerabilities in its StoreOnce data backup and deduplication platform. Among these, the most severe is an authentication bypass vulnerability tracked as CVE-2025-37093, which carries a near-maximum CVSS score of 9.8, indicating a critical risk to affected systems.  In a security bulletin (document ID: HPESBST04847 rev.1), HPE outlined that mul…

Eight vulnerabilities hit HPE StoreOnce, upgrade required

HPE patches eight vulnerabilities in StoreOnce software, including critical authentication bypass. Upgrade to v4.3.11 strongly recommended.

HPE Issues Security Patch for StoreOnce Bug Allowing Remote Authentication Bypass

HPE发布安全更新修复StoreOnce数据备份解决方案中的八个高危漏洞，包括身份验证绕过、远程代码执行等风险。其中CVE-2025-37093为关键漏洞，CVSS评分9.8分，影响所有4.3.11前版本。

Hewlett Packard Enterprise Warns Of Critical StoreOnce Auth Bypass - Cybernoz - Cybersecurity News

Hewlett Packard Enterprise (HPE) has issued a security bulletin to warn about eight vulnerabilities impacting StoreOnce, its disk-based backup and deduplication solution. Among the flaws fixed this time is a critical severity (CVSS v3.1 score: 9.8) authentication bypass vulnerability tracked under CVE-2025-37093, three remote code execution bugs, two directory traversal problems, and a server-side request forgery issue. The flaws impact all vers…