Directory Traversal Vulnerability in HPE StoreOnce Software
CVE-2025-37094

9.1CRITICAL

Key Information:

Vendor: HP (HP)
Status: HP Storeonce Software
Vendor: CVE Published:; 2 June 2025

What is CVE-2025-37094?

A directory traversal vulnerability in HPE StoreOnce Software allows remote attackers to manipulate file paths, potentially leading to unauthorized file deletion. This weakness can be exploited if an attacker crafts a specific input that navigates directories improperly. The issue raises significant security concerns for users reliant on HPE StoreOnce for data protection and storage, requiring immediate attention to mitigate risks associated with unauthorized file manipulation.

Affected Version(s)

HPE StoreOnce Software 0 < 4.3.11

References

https://support.hpe.com/hpesc/public/docDisplay?docId=hpe...

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 2, 2025
Vulnerability Reserved
Apr 16, 2025

HP (HP)

What is CVE-2025-37094?

Affected Version(s)

References

CVSS V3.1

Timeline