Hewlett Packard Enterprise warns of critical StoreOnce auth bypass

Hewlett Packard Enterprise (HPE) has issued a security bulletin to warn about eight vulnerabilities impacting StoreOnce, its disk-based backup and deduplication solution.

Among the flaws fixed this time is a critical severity (CVSS v3.1 score: 9.8) authentication bypass vulnerability tracked under CVE-2025-37093 , three remote code execution bugs, two directory traversal problems, and a server-side request forgery issue.

The flaws impact all versions of the HPE StoreOnce Software before v4.3.11, which is now the recommended upgrade version.

Here's the complete list of the eight vulnerabilities HPE fixed in version 4.3.11:

CVE-2025-37089 – Remote Code Execution

CVE-2025-37090 – Server-Side Request Forgery

CVE-2025-37091 – Remote Code Execution

CVE-2025-37092 – Remote Code Exe

See Full Page

1300

Interests (0)

Settings

Hewlett Packard Enterprise warns of critical StoreOnce auth bypass

Soldier Who 'Hates Himself' for Dismembering Pregnant Wife, Unborn Child with Chainsaw Learns Fate

'Our enemies are celebrating': How the Trump-Musk feud endangers America

Steve Bannon calls on Trump to deport Elon Musk and 'seize' SpaceX

Midea recalling 1.7 million of its popular air conditioners due to mold concern

Zelenskyy rejects Trump's playground characterization of Ukraine war

Justice Department says Kilmar Abrego Garcia has been returned to the U.S. after indictment on human smuggling charges

Predator: Killer of Killers First Reviews: “Every Predator Fan’s Dream Come True”

Why Trump probably can’t cut Musk loose

Watch: Novak Djokovic and Jannik Sinner Play Point of the Year at French Open

Nations League Portugal-Spain is not Ronaldo vs. Yamal