<ul><li>Hewlett Packard Enterprise (HPE) has issued patches for several vulnerabilities in its StoreOnce data backup and recovery solution, with a critical authentication bypass flaw being the most severe.</li><li>The critical flaw, tracked as CVE-2025-37093, allows threat actors to gain full system access without user interaction, posing significant risks to system integrity and data security.</li><li>All versions of StoreOnce prior to 4.3.11 are vulnerable, and users are strongly advised to update their software immediately as there are no workarounds available.</li><li>In addition to the critical authentication bypass, HPE patched seven other flaws in StoreOnce, including issues like Remote Code Execution and Directory Traversal, affecting enterprise and government users.</li></ul>

HPE flags critical StoreOnce auth bypass, users should update now

Discover more