Hewlett Packard Enterprise warns of critical StoreOnce auth bypass www.bleepingcomputer.com/news/secu…

Hewlett Packard Enterprise (HPE) has issued a security bulletin to warn about eight vulnerabilities impacting StoreOnce, its disk-based backup and deduplication solution.

Among the flaws fixed this time is a critical severity (CVSS v3.1 score: 9.8) authentication bypass vulnerability tracked under CVE-2025-37093, three remote code execution bugs, two directory traversal problems, and a server-side request forgery issue.

The flaws impact all versions of the HPE StoreOnce Software before v4.3.11, which is now the recommended upgrade version.