Ptechhub
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs
No Result
View All Result
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs
No Result
View All Result
PtechHub
No Result
View All Result

HPE Issues Security Patch for StoreOnce Bug Allowing Remote Authentication Bypass

The Hacker News by The Hacker News
June 4, 2025
Home Cybersecurity
Share on FacebookShare on Twitter


Jun 04, 2025The Hacker NewsVulnerability / DevOps

Hewlett Packard Enterprise (HPE) has released security updates to address as many as eight vulnerabilities in its StoreOnce data backup and deduplication solution that could result in an authentication bypass and remote code execution.

“These vulnerabilities could be remotely exploited to allow remote code execution, disclosure of information, server-side request forgery, authentication bypass, arbitrary file deletion, and directory traversal information disclosure vulnerabilities,” HPE said in an advisory.

This includes a fix for a critical security flaw tracked as CVE-2025-37093, which is rated 9.8 on the CVSS scoring system. It has been described as an authentication bypass bug affecting all versions of the software prior to 4.3.11. The vulnerability, along with the rest, was reported to the vendor on October 31, 2024.

Cybersecurity

According to the Zero Day Initiative (ZDI), which credited an anonymous researcher for discovering and reporting the shortcoming, said the problem is rooted in the implementation of the machineAccountCheck method.

“The issue results from improper implementation of an authentication algorithm,” ZDI said. “An attacker can leverage this vulnerability to bypass authentication on the system.”

Successful exploitation of CVE-2025-37093 could permit a remote attacker to bypass authentication on affected installations. What makes the vulnerability more severe is that it could be chained with the remaining flaws to achieve code execution, information disclosure, and arbitrary file deletion in the context of root –

  • CVE-2025-37089 – Remote Code Execution
  • CVE-2025-37090 – Server-Side Request Forgery
  • CVE-2025-37091 – Remote Code Execution
  • CVE-2025-37092 – Remote Code Execution
  • CVE-2025-37093 – Authentication Bypass
  • CVE-2025-37094 – Directory Traversal Arbitrary File Deletion
  • CVE-2025-37095 – Directory Traversal Information Disclosure
  • CVE-2025-37096 – Remote Code Execution
Cybersecurity

The disclosure comes as HPE also shipped patches to address multiple critical-severity flaws in HPE Telco Service Orchestrator (CVE-2025-31651, CVSS score: 9.8) and OneView (CVE-2024-38475, CVE-2024-38476, CVSS scores: 9.8) to address previously disclosed weaknesses in Apache Tomcat and Apache HTTP Server.

While there are no reports of active exploitation, it’s essential that users apply the latest updates for optimal protection.

Found this article interesting? This article is a contributed piece from one of our valued partners. Follow us on Twitter  and LinkedIn to read more exclusive content we post.





Source link

Tags: computer securitycyber attackscyber newscyber security newscyber security news todaycyber security updatescyber updatesdata breachhacker newshacking newshow to hackinformation securitynetwork securityransomware malwaresoftware vulnerabilitythe hacker news
The Hacker News

The Hacker News

Next Post
Interview: Pega’s ‘Blueprint’ for breaking the curse of legacy IT | Computer Weekly

Interview: Pega’s ‘Blueprint’ for breaking the curse of legacy IT | Computer Weekly

Recommended.

ADGM startet mit einer starken Leistung im ersten Quartal in das Jahr 2025

ADGM startet mit einer starken Leistung im ersten Quartal in das Jahr 2025

June 4, 2025
Huawei prezentuje nową serię urządzeń ubieralnych w Berlinie, wkraczając w nową erę tej technologii

Huawei prezentuje nową serię urządzeń ubieralnych w Berlinie, wkraczając w nową erę tej technologii

May 17, 2025

Trending.

VIDIZMO Earns Microsoft Solutions Partner Designations for All Three Areas of Azure, Solidifying its Expertise in Delivering AI Solutions

VIDIZMO Earns Microsoft Solutions Partner Designations for All Three Areas of Azure, Solidifying its Expertise in Delivering AI Solutions

June 28, 2025
Tilson Continues to Perform for Clients; Shares Substantial Progress in Chapter 11 Process

Tilson Continues to Perform for Clients; Shares Substantial Progress in Chapter 11 Process

June 27, 2025
OneClik Malware Targets Energy Sector Using Microsoft ClickOnce and Golang Backdoors

OneClik Malware Targets Energy Sector Using Microsoft ClickOnce and Golang Backdoors

June 27, 2025
DHS Warns Pro-Iranian Hackers Likely to Target U.S. Networks After Iranian Nuclear Strikes

DHS Warns Pro-Iranian Hackers Likely to Target U.S. Networks After Iranian Nuclear Strikes

June 23, 2025
Le nombre d’utilisateurs de la 5G-A atteint les dix millions en Chine : Huawei présente le développement de la 5G-A et la valeur de l’IA basée sur des scénarios

Le nombre d’utilisateurs de la 5G-A atteint les dix millions en Chine : Huawei présente le développement de la 5G-A et la valeur de l’IA basée sur des scénarios

June 27, 2025

PTechHub

A tech news platform delivering fresh perspectives, critical insights, and in-depth reporting — beyond the buzz. We cover innovation, policy, and digital culture with clarity, independence, and a sharp editorial edge.

Follow Us

Industries

  • AI & ML
  • Cybersecurity
  • Enterprise IT
  • Finance
  • Telco

Navigation

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Subscribe to Our Newsletter

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Copyright © 2025 | Powered By Porpholio

No Result
View All Result
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs

Copyright © 2025 | Powered By Porpholio