Directory Traversal Vulnerability in HPE StoreOnce Software
CVE-2025-37095

5.9MEDIUM

Key Information:

Vendor

HP (HP)

Status
HP Storeonce Software
Vendor
CVE Published:
2 June 2025

What is CVE-2025-37095?

A directory traversal vulnerability in HPE StoreOnce Software allows attackers to gain unauthorized access to sensitive information. This flaw can be exploited to read arbitrary files from the server, potentially compromising confidential data and configurations. Users are advised to apply the latest security updates to mitigate this risk.

Affected Version(s)

HPE StoreOnce Software 0 < 4.3.11

References

https://support.hpe.com/hpesc/public/docDisplay?docId=hpe...

CVSS V4

Score:
5.9
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2025-37095 : Directory Traversal Vulnerability in HPE StoreOnce Software