Directory Traversal Vulnerability in HPE StoreOnce Software
CVE-2025-37094

5.5MEDIUM

Key Information:

Vendor

HP (HP)

Vendor
CVE Published:
2 June 2025

What is CVE-2025-37094?

A directory traversal vulnerability in HPE StoreOnce Software allows remote attackers to manipulate file paths, potentially leading to unauthorized file deletion. This weakness can be exploited if an attacker crafts a specific input that navigates directories improperly. The issue raises significant security concerns for users reliant on HPE StoreOnce for data protection and storage, requiring immediate attention to mitigate risks associated with unauthorized file manipulation.

Affected Version(s)

HPE StoreOnce Software 0 < 4.3.11

References

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2025-37094 : Directory Traversal Vulnerability in HPE StoreOnce Software