Hewlett Packard Enterprise (HPE) has released security updates to address as many as eight vulnerabilities in its StoreOnce data backup and deduplication solution that could result in an authentication bypass and remote code execution.
“These vulnerabilities could be remotely exploited to allow remote code execution, disclosure of information, server-side request forgery, authentication bypass, arbitrary file deletion, and directory traversal information disclosure vulnerabilities,” HPE noted in an advisory.
This includes a critical security flaw, tracked as CVE-2025-37093, which is rated 9.8 on the CVSS scoring system. It has been described as an authentication bypass flaw that affects all versions of the software up to 4.3.11. The vulnerability, together with the rest, was reported to the vendor on October 31, 2024.
According to the Zero Day Initiative (ZDI), which credited an anonymous researcher with discovering and reporting the flaw, the problem is rooted in the implementation of the machineAccountCheck method.
“The problem arises as a result of an incorrect implementation of the authentication algorithm,” ZDI noted. “An attacker can use this vulnerability to bypass authentication on the system.”
Successful exploitation of CVE-2025-37093 could allow a remote attacker to bypass authentication on affected installations. What makes the vulnerability more serious is that it can be chained with the remaining flaws to achieve code execution, information disclosure, and arbitrary file deletion in the context of root:
- CVE-2025-37089 - Remote code execution
- CVE-2025-37090 - Server-side request forgery
- CVE-2025-37091 - Remote code execution
- CVE-2025-37092 - Remote code execution
- CVE-2025-37093 - Authentication bypass
- CVE-2025-37094 - Directory traversal arbitrary file deletion
- CVE-2025-37095 - Directory traversal information disclosure
- CVE-2025-37096 - Remote code execution
The disclosure comes as HPE also shipped patches to resolve multiple critical-severity flaws in HPE Telco Service Orchestrator (CVE-2025-31651, CVSS score: 9.8) and OneView (CVE-2024-38475, CVE-2024-38476).
While there is no active exploitation, it is important that users apply the latest updates for optimal protection.