HPE’s Security Bug Swarm: Patch Now or Risk a ‘StoreOnce’ Meltdown!
Hewlett Packard Enterprise has issued security updates for eight vulnerabilities in its StoreOnce solution, including a critical authentication bypass flaw, CVE-2025-37093. Rated 9.8 on the CVSS scale, this flaw could allow attackers to bypass authentication. Users are advised to update promptly, as combining flaws could lead to severe breaches.
Hot Take:
Oh, HPE, you really know how to throw a vulnerability party, don’t you? With a whopping eight security holes to fill, it seems like StoreOnce decided to host its own version of a cyber-gala, complete with an authentication bypass and remote code execution surprises. Who knew data backup solutions could be so eventful? Let’s hope users RSVP’d with a patch download!
Key Points:
- HPE’s StoreOnce has eight vulnerabilities, including an authentication bypass and remote code execution.
- The critical flaw, CVE-2025-37093, scores a 9.8 on the CVSS scale.
- Exploitation could lead to a variety of cyber mischief, including arbitrary file deletion and information disclosure.
- Zero Day Initiative (ZDI) credits an anonymous researcher for the discovery.
- HPE has also patched vulnerabilities in HPE Telco Service Orchestrator and OneView.
Already a member? Log in here