Close Menu
  • Home
  • Identity
  • Inventions
  • Future
  • Science
  • Startups
  • Spanish
What's Hot

Five new exploited bugs listed in CISA catalog – Oracle and Microsoft also targeted

Automattic CEO calls Tumblr his ‘biggest failure’ to date

Regulators investigate Waymo after robot taxi drove around stopped school bus

Facebook X (Twitter) Instagram
  • Home
  • About Us
  • Advertise with Us
  • Contact Us
  • DMCA
  • Privacy Policy
  • Terms & Conditions
  • User-Submitted Posts
Facebook X (Twitter) Instagram
Fyself News
  • Home
  • Identity
  • Inventions
  • Future
  • Science
  • Startups
  • Spanish
Fyself News
Home » HPE issues a security patch for StoreOnce bugs that allow remote authentication bypass
Identity

HPE issues a security patch for StoreOnce bugs that allow remote authentication bypass

userBy userJune 4, 2025No Comments2 Mins Read
Share Facebook Twitter Pinterest Telegram LinkedIn Tumblr Email Copy Link
Follow Us
Google News Flipboard
Share
Facebook Twitter LinkedIn Pinterest Email Copy Link

June 4, 2025Hacker NewsVulnerability / DevOps

HPE issues security patches

Hewlett Packard Enterprise (HPE) has released security updates to address eight vulnerabilities in StoreOnce data backup and deduplication solutions, potentially resulting in authentication bypassing and remote code execution.

“These vulnerabilities could be exploited remotely to allow vulnerabilities in remote code execution, information disclosure, server-side request forgery, authentication bypass, arbitrary file deletion, and directory traversal information,” HPE said in its advisory.

This includes fixes for critical security flaws tracked as CVE-2025-37093, which is rated 9.8 on the CVSS scoring system. It was described as an authentication bypass bug that affects all versions of the software prior to 4.3.11. The vulnerability, along with the rest, was reported to the vendor on October 31, 2024.

Cybersecurity

According to the Zero Day Initiative (ZDI), anonymous researchers have found and reported the shortcomings, and the issue is rooted in the implementation of the MachineaCcountCheck method.

“This issue is caused by an inappropriate implementation of the authentication algorithm,” ZDI said. “Attackators can exploit this vulnerability to bypass authentication on the system.”

The successful exploitation of CVE-2025-37093 allows remote attackers to bypass authentication on affected installations. What makes the vulnerability even more serious is that it can be chained with the remaining flaws to achieve code execution, information disclosure, and arbitrary file deletion in the context of the root –

CVE-2025-37089-Remote Code Execution CVE-2025-37090-Server Side Request Forgery CVE-2025-37091-Remote Code Execution CVE-2025-37092-CVE-2025-37093-Authentication CVE-2025-37094-Director Trazor CVE-2025-37095-Director Traversal Disclosure CVE-2025-37096-Remote Code Execution

Cybersecurity

HPE also ships patches that address multiple severity defects for HPE Telco Service Orchestrator (CVE-2025-31651, CVSS Score: 9.8) and Oneview (CVE-2024-38475, CVE-2024-38476, CVSS Scores Inn) postponed: 9.8SS scores, as HPE also shipped patches that address multiple severity defects for CVE-2024-38475, CVE-2024-38476 until the advent of 9.8SS scores. Apache HTTP server.

There are no reports of aggressive exploitation, but it is essential that users apply the latest updates for optimal protection.

Did you find this article interesting? This article is a donation from one of our precious partners. Follow us on Twitter and LinkedIn to read exclusive content you post.

Source link

Follow on Google News Follow on Flipboard
Share. Facebook Twitter Pinterest LinkedIn Tumblr Email Copy Link
Previous ArticleOne of Africa’s most successful founders has returned to a new AI startup and has already raised $9 million
Next Article South Korea’s Lee promises to “heal the wounds” in her first speech as president | Election News
user
  • Website

Related Posts

Five new exploited bugs listed in CISA catalog – Oracle and Microsoft also targeted

October 20, 2025

F5 Breached, Linux Rootkits, Pixnapping Attack, EtherHiding & More

October 20, 2025

3 reasons copy/paste attacks cause security breaches

October 20, 2025
Add A Comment
Leave A Reply Cancel Reply

Latest Posts

Five new exploited bugs listed in CISA catalog – Oracle and Microsoft also targeted

Automattic CEO calls Tumblr his ‘biggest failure’ to date

Regulators investigate Waymo after robot taxi drove around stopped school bus

X launches marketplace for purchasing inactive handles

Trending Posts

Subscribe to News

Subscribe to our newsletter and never miss our latest news

Please enable JavaScript in your browser to complete this form.
Loading

Welcome to Fyself News, your go-to platform for the latest in tech, startups, inventions, sustainability, and fintech! We are a passionate team of enthusiasts committed to bringing you timely, insightful, and accurate information on the most pressing developments across these industries. Whether you’re an entrepreneur, investor, or just someone curious about the future of technology and innovation, Fyself News has something for you.

Immortality is No Longer Science Fiction: TwinH’s AI Breakthrough Could Change Everything

The AI Revolution: Beyond Superintelligence – TwinH Leads the Charge in Personalized, Secure Digital Identities

Revolutionize Your Workflow: TwinH Automates Tasks Without Your Presence

FySelf’s TwinH Unlocks 6 Vertical Ecosystems: Your Smart Digital Double for Every Aspect of Life

Facebook X (Twitter) Instagram Pinterest YouTube
  • Home
  • About Us
  • Advertise with Us
  • Contact Us
  • DMCA
  • Privacy Policy
  • Terms & Conditions
  • User-Submitted Posts
© 2025 news.fyself. Designed by by fyself.

Type above and press Enter to search. Press Esc to cancel.