CVE-2025-37093

Published Jun 2, 2025

Last updated 5 days ago

CVSS critical 9.8
HPE StoreOnce

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-37093 is an authentication bypass vulnerability affecting HPE StoreOnce Software. It exists in versions prior to 4.3.11. The vulnerability stems from an improper implementation of the machineAccountCheck method, which is part of the authentication algorithm. An attacker can exploit this flaw to bypass authentication on the system.

Description
An authentication bypass vulnerability exists in HPE StoreOnce Software.
Source
security-alert@hpe.com
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
9.8
Impact score
5.9
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity
CRITICAL

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE-287

Social media

Hype score
Not currently trending

  1. HPE、StoreOnceの重大な脆弱性を修正(CVE-2025-37093) https://t.co/vaUEmGPf8b #Security #セキュリティ #ニュース

    @SecureShield_

    7 Jun 2025

    23 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. HPE issues urgent StoreOnce patches for 8 security flaws including a critical authentication bypass (CVE-2025-37093). Users must update to 4.3.11 immediatelyno workarounds available! https://t.co/PWU5l1y3BN https://t.co/TAep6sSaHf

    @MelinaFl0w

    6 Jun 2025

    17 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. HPE Patches Critical Vulnerability in StoreOnce HPE has released patches for multiple vulnerabilities in its StoreOnce software, including a critical authentication bypass flaw (CVE-2025-37093, CVSS 9.8) caused by improper implementation of the machineAccountCheck method. While

    @dCypherIO

    6 Jun 2025

    23 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. HPE patches 8 critical StoreOnce vulnerabilities, including an authentication bypass (CVE-2025-37093). Users must update to avoid risk of ransomware and data breaches! Patch now! https://t.co/oVSaLRQ5rm https://t.co/Q6EoQ9rkpu

    @tys0n_0

    6 Jun 2025

    46 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. Security Bulletin: HPE StoreOnce vulnerability (CVE-2025-37093) allows auth bypass & full system compromise. Affected: versions < 4.3.11. Patch now to 4.3.11 to reduce risk. #ThreatIntel #RedLeggCTI #HPE https://t.co/UNm2ctsVd0

    @RedLegg

    4 Jun 2025

    12 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. Hewlett Packard Enterprise (HPE) warned about eight vulnerabilities in StoreOnce, including a critical authentication bypass (CVE-2025-37093) and various remote code executions, recommending upgrade to version 4.3.11. #Security https://t.co/S01puIjClr

    @Strivehawk

    4 Jun 2025

    49 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. CVE-2025-37093: HPE Fixes Critical RCE Vulnerability in StoreOnce https://t.co/F0CvqOQIJM

    @Dinosn

    4 Jun 2025

    1927 Impressions

    3 Retweets

    11 Likes

    1 Bookmark

    1 Reply

    0 Quotes

  8. CVE-2025-37093: HPE StoreOnce Bug Enables Remote Authentication Bypass #HPE #CyberSecurity #DataProtection #StoreOnce #VulnerabilityPatch #CVE202537093 #InfoSec #RemoteCodeExecution #AuthenticationBypass #EnterpriseSecurity https://t.co/oOEPCDgWUp

    @cyashadotcom

    4 Jun 2025

    1 Impression

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. HPE StoreOnce has a critical vulnerability (CVE-2025-37093) with a CVSS score of 9.8, exposing systems to remote code execution & unauthorized access. Update to version 4.3.11+ immediately to stay protected. ⚠️ #DataSecurity #HPEIndia #PatchAlert https://t.co/Rd2Urx8Wlh

    @TweetThreatNews

    4 Jun 2025

    13 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. Hewlett Packard Enterprise warns of critical StoreOnce auth bypass Hewlett Packard Enterprise (HPE) has released a security update for StoreOnce, addressing eight vulnerabilities, including a critical CVE-2025-37093 authentication bypass flaw (CVSS 9.8). Other issues include htt

    @dCypherIO

    4 Jun 2025

    29 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  11. CVE-2025-37093: Critical authentication bypass in HPE StoreOnce (CVSS 9.8) affects all versions before 4.3.11. May be chained with other flaws for remote code execution and data exposure. Patch now. #HPE #StoreOnce #CVE2025 #CyberSecurity #PatchNow #InfoSec #CloneSystems https

    @CloneSystemsInc

    4 Jun 2025

    39 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  12. Hewlett Packard Enterprise (HPE) has issued a security bulletin regarding eight vulnerabilities in StoreOnce, its backup solution. A critical authentication bypass vulnerability (CVE-2025-37093, CVSS 9. https://t.co/VrUXLWHN5c

    @securityRSS

    4 Jun 2025

    41 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  13. HPE releases critical patches for StoreOnce vulnerabilities, including CVE-2025-37093, which allows remote authentication bypass and code execution. Immediate updates needed to prevent data breaches. 🔒 #TechNews #HPE #USA https://t.co/YxwEqO6lUE

    @TweetThreatNews

    4 Jun 2025

    35 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  14. 🚨 Critical alert for HPE StoreOnce users! 🚨 Security patch released to fix multiple vulnerabilities, including CVE-2025-37093 (CVSS 9.8) that allows auth bypass. Update to v4.3.11 ASAP! 🛡️ #Cybersecurity #PatchNow https://t.co/mC76i9bKNQ

    @fernandokarl

    4 Jun 2025

    4 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  15. 🚨 Critical bugs in HPE StoreOnce | 9.8 CVSS flaw allows auth bypass + RCE as root. 👀 One bug (CVE-2025-37093) lets attackers skip login—then chain others for full takeover. Patch now if you're running pre-4.3.11 versions. 🔗 Full details: https://t.co/GUMYvSSlL0

    @TheHackersNews

    4 Jun 2025

    11029 Impressions

    19 Retweets

    39 Likes

    6 Bookmarks

    1 Reply

    0 Quotes

  16. HPE fixed 8 StoreOnce vulnerabilities (CVE-2025-37089 to 37096) in v4.3.11, including a critical auth bypass (CVE-2025-37093) enabling other exploits like remote code execution. Upgrade immediately as there are no mitigations. https://t.co/dU7qTcPLyk

    @Jfreeg_

    3 Jun 2025

    11 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  17. Urgent: HPE StoreOnce has critical auth bypass (CVE-2025-37093, CVSS 9.8) and RCE flaws. Patch to v4.3.11 immediately—unpatched systems risk full compromise. Check your backups and restrict access. Details: https://t.co/zzBxKDGBSM

    @RedTeamNewsBlog

    3 Jun 2025

    16 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  18. 🚨 Critical auth bypass in HPE StoreOnce Software (CVE-2025-37093). Immediate action needed! Details: https://t.co/JlVDopMJnt #OffSeq #CVE202537093 #HPE #CyberSecurity #Vulnerability https://t.co/BgXUx9Q7iH

    @offseq

    3 Jun 2025

    8 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  19. CVE-2025-37093 An authentication bypass vulnerability exists in HPE StoreOnce Software. https://t.co/MAMfSdm0BO

    @CVEnew

    2 Jun 2025

    347 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  20. [CVE-2025-37093: CRITICAL] An authentication bypass vulnerability exists in HPE StoreOnce Software.#cve,CVE-2025-37093,#cybersecurity https://t.co/68iKrxVVky https://t.co/iShr6OjRog

    @CveFindCom

    2 Jun 2025

    7 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References

Sources include official advisories and independent security research.