Hewlett Packard Enterprise (HPE) has issued a security bulletin to warn about eight vulnerabilities impacting StoreOnce, its disk-based backup and deduplication solution.
Among the flaws fixed this time is a critical severity (CVSS v3.1 score: 9.8) authentication bypass vulnerability tracked under CVE-2025-37093, three remote code execution bugs, two directory traversal problems, and a server-side request forgery issue.
The flaws impact all versions of the HPE StoreOnce Software before v4.3.11, which is now the recommended upgrade version.
Here’s the complete list of the eight vulnerabilities HPE fixed in version 4.3.11:
- CVE-2025-37089 – Remote Code Execution
- CVE-2025-37090 – Server-Side Request Forgery
- CVE-2025-37091 – Remote Code…