An HPE StoreOnce vulnerability allows attackers to bypass authentication, potentially leading to remote code execution.
June 6, 2025 By Ionut Arghire
Hewlett Packard Enterprise (HPE) this week announced fixes for multiple vulnerabilities in StoreOnce software, including a critical flaw leading to authentication bypass.
The StoreOnce software powers HPE’s storage products, which are secondary storage systems that provide data protection, copy management, backup, and deduplication capabilities, to increase efficiency. StoreOnce VSA, a virtual appliance offering the same functionality, is also available.
The critical issue addressed in StoreOnce this week, tracked as CVE-2025-37093 (CVSS score of 9.8), was discovered in the software’s implementation of the machineAccountCheck method.
