HPE Releases Security Patch for StoreOnce Vulnerability Allowing Remote Authentication Bypass

June 04, 2025
Vulnerability / DevOps

Hewlett Packard Enterprise (HPE) has issued security updates to address up to eight vulnerabilities in its StoreOnce data backup and deduplication software, which could lead to remote authentication bypass and remote code execution. HPE’s advisory states, “These vulnerabilities could be remotely exploited, enabling remote code execution, information disclosure, server-side request forgery, authentication bypass, arbitrary file deletion, and directory traversal.” Among them is a critical flaw identified as CVE-2025-37093, rated 9.8 on the CVSS scale, which affects all software versions prior to 4.3.11. The vendor was notified of the vulnerability on October 31, 2024. Acknowledging an anonymous researcher for the discovery, the Zero Day Initiative (ZDI) shared insights on the issue…

HPE Releases Critical Security Patch for StoreOnce, Addressing Authentication Bypass Vulnerabilities

On June 4, 2025, Hewlett Packard Enterprise (HPE) announced the rollout of significant security updates aimed at rectifying multiple vulnerabilities within its StoreOnce data backup and deduplication solution. Among the eight identified flaws, a particularly concerning authentication bypass issue could allow unauthorized remote access and remote code execution, raising potential security risks for organizations relying on this technology.

In an advisory, HPE emphasized that these vulnerabilities might be exploited to enable an array of attacks, including remote code execution, information disclosure, server-side request forgery, arbitrary file deletion, and directory traversal vulnerabilities. Notably, one of the critical flaws, labeled CVE-2025-37093, has received a severe rating of 9.8 on the CVSS scoring system. This vulnerability affects all software versions prior to 4.3.11 and poses serious threats to the integrity of systems utilizing StoreOnce.

The discovery of these issues was credited to an anonymous researcher through the Zero Day Initiative (ZDI), which reported that the concerns were brought to HPE’s attention on October 31, 2024. Given the breadth of the vulnerabilities, business owners should carefully assess their current StoreOnce implementations and take prompt action to apply the necessary patches.

Targeting various organizations, this security breach has implications for businesses across sectors, particularly as data protection remains a top priority amid evolving cyber threats. The U.S.-based businesses that depend on HPE’s StoreOnce solutions should be particularly vigilant, as failure to address these vulnerabilities could lead to severe operational and reputational damage.

In the context of the MITRE ATT&CK framework, these vulnerabilities outline potential tactics that adversaries may employ. Initial access could be gained through exploiting the authentication bypass, which in turn might lead to persistence within the affected systems. Techniques related to privilege escalation can also be inferred, as attackers could escalate their access levels following successful exploitation of the vulnerability.

The nature of these vulnerabilities highlights an ongoing challenge for organizations to maintain robust cybersecurity measures. Cybersecurity teams must ensure that their systems are updated to close any gaps that attackers might exploit. As cyber threats continue to evolve, comprehensive awareness and proactive defense strategies become paramount for safeguarding sensitive data and maintaining business continuity.

As HPE continues to address these vulnerabilities, the incident serves as a crucial reminder to business leaders about the importance of staying informed about security patches and updates. It underscores the necessity to foster a culture of cybersecurity vigilance, ensuring that all systems are regularly monitored and maintained against emerging threats.

Source link

Related Posts

Critical 10-Year Vulnerability in Roundcube Webmail Allows Code Execution by Authenticated Users

On June 3, 2025, cybersecurity researchers revealed a significant security flaw in Roundcube webmail software, active for a decade, that could enable authenticated users to execute malicious code on vulnerable systems. Classified as CVE-2025-49113, the vulnerability has a CVSS score of 9.9 out of 10, highlighting its severity. It involves post-authentication remote code execution through PHP object deserialization. According to the National Vulnerability Database (NVD), “Roundcube Webmail versions before 1.5.10 and 1.6.x prior to 1.6.11 allow authenticated users to execute remote code due to the lack of validation for the _from parameter in the URL in program/actions/settings/upload.php.” This flaw affects all versions up to and including 1.6.10 but has been patched in versions 1.6.11 and 1.5.10 LTS. The vulnerability was discovered and reported by Kirill Firsov, founder and CEO of FearsOff.

Critical Cisco ISE Authentication Bypass Vulnerability Threatens Cloud Environments on AWS, Azure, and OCI

June 5, 2025
Network Security / Vulnerability

Cisco has issued security patches for a severe vulnerability affecting its Identity Services Engine (ISE). This flaw, identified as CVE-2025-20286 and rated 9.9 out of 10 on the CVSS scale, could be exploited by unauthenticated attackers to perform harmful actions on vulnerable systems. The vulnerability, categorized as a static credential issue, affects cloud deployments on Amazon Web Services (AWS), Microsoft Azure, and Oracle Cloud Infrastructure (OCI). Cisco warned that attackers could potentially access sensitive data, perform limited administrative tasks, alter system configurations, or disrupt services in the affected environments. The networking company credited Kentaro Kawane from GMO Cybersecurity for reporting the flaw and acknowledged the presence of a proof-of-concept (PoC) exploit, although no active exploitation has been confirmed.

Two Separate Botnets Target Wazuh Server Vulnerability for Mirai-Based Attacks

June 09, 2025
Wazuh Server Vulnerability

A critical security flaw in the Wazuh Server, now patched, has been exploited by threat actors to deploy two distinct variants of the Mirai botnet for executing distributed denial-of-service (DDoS) attacks. Akamai, which identified these exploitation efforts in late March 2025, reports that the campaign is targeting CVE-2025-24016 (CVSS score: 9.9), a dangerous deserialization vulnerability enabling remote code execution on affected Wazuh servers. This vulnerability impacts all server software versions from 4.4.0 onward and was addressed in February 2025 with the release of version 4.9.1. A proof-of-concept (PoC) exploit became publicly available around the same time. The issue stems from the Wazuh API, where parameters in the DistributedAPI are serialized as JSON and then deserialized using “as_wazuh_object” in the framework/wazuh/core/cluster/common.py file. Malicious actors can exploit this vulnerability by injecting harmful JSON…

China-Linked Cyber Espionage Group Targets Over 70 Organizations Across Diverse Sectors

June 9, 2025
Government Security / Cyber Espionage

Recent reconnaissance efforts against American cybersecurity firm SentinelOne are part of a larger wave of intrusions affecting various targets between July 2024 and March 2025. “The victims include a South Asian government agency, a European media outlet, and over 70 organizations spanning numerous sectors,” noted SentinelOne security researchers Aleksandar Milenkoski and Tom Hegel in a recent report. Affected sectors include manufacturing, government, finance, telecommunications, and research. Notably, an IT services and logistics firm was compromised while managing equipment logistics for SentinelOne staff during the breach in early 2025. This malicious activity has been confidently linked to threat actors associated with China, with some attacks attributed to a cluster known as PurpleHaze, which overlaps with recognized Chinese cyber espionage groups labeled APT15.