- HPE patches eight flaws in the StoreOnce platform
- Among the flaws is an authentication bypass of critical severity
- There are no workarounds and users are recommended
Hewlett Packard Enterprise (HPE) has released patches for a series of dangerous flaws affecting its data backup and recovery solution, StoreOnce, including a critical-severity bug that allows threat actors to gain full access to the vulnerable system without user interaction.
The bug is tracked as CVE-2025-37093, and is described as an authentication bypass flaw stemming from improper authentication handling. It has a severity score of 9.8/10 (critical) and could be abused to compromise the integrity of the system, allow threat actors to access confidential data, and lead to various disruptions and availability problems.
Crooks could use it to deploy ransomware, steal confidential data, or move laterally across the target network.
Eight patched flaws
In HPE's advisory, the company said that all versions prior to 4.3.11 were vulnerable and urged users to update their software as soon as possible.
There are no other mitigations or workarounds, so if you cannot update your instance, it would be better to take the product out of service until you can patch it.
According to reports, the problems were discovered seven months ago, but apparently no one has abused them in the wild so far.
In total, HPE fixed eight flaws this time. While the authentication bypass is the most severe, others are also potentially dangerous.
Here is a list of the seven other flaws HPE fixed in version 4.3.11:
- CVE-2025-37089 - Remote Code Execution
- CVE-2025-37090 - Server-Side Request Forgery
- CVE-2025-37091 - Remote Code Execution
- CVE-2025-37092 - Remote Code Execution
- CVE-2025-37094 - Directory Traversal Arbitrary File Deletion
- CVE-2025-37095 - Directory Traversal Information Disclosure
- CVE-2025-37096 - Remote Code Execution
HPE StoreOnce is a disk-based backup and recovery system that uses data deduplication to reduce storage needs. It is generally used by companies, government agencies and medium-sized companies with complex IT environments.
StoreOnce supports integration with other backup and enterprise software, such as HPE Data Protector, Veeam, Veritas NetBackup, Commvault and Microsoft Data Protection Manager. It also connects with cloud storage through HPE Cloud Bank Storage.
Via BleepingComputer