PT-2025-23519 · Hewlett Packard · HPE StoreOnce

Published: 2024-10-31 · Updated: 2025-08-07 · CVE-2025-37093

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

HPE StoreOnce versions prior to 4.3.11

Description

The issue is related to an authentication bypass vulnerability in HPE StoreOnce, which could allow remote attackers to bypass security restrictions. This vulnerability is caused by improper implementation of the machineAccountCheck method. The vulnerability may be chained with other flaws for remote code execution and data exposure. It is recommended to update to version 4.3.11 to reduce the risk of exploitation.

Recommendations

Update to version 4.3.11 to fix the authentication bypass vulnerability. As a temporary workaround, consider restricting access to the vulnerable system until a patch is available. Avoid using the system for critical operations until the issue is resolved. Update to version 4.3.11 to prevent potential exploits and reduce the risk of ransomware and data breaches.

Fix

RCE

Improper Authentication

Weakness Enumeration

Related Identifiers

BDU:2025-06380
CVE-2025-37093
ZDI-25-316

Affected Products

HPE StoreOnce