CVE-2025-37092

9.8 CRITICAL

📋 TL;DR

A command injection vulnerability in HPE StoreOnce Software allows remote attackers to execute arbitrary commands on affected systems. This affects all HPE StoreOnce systems running vulnerable software versions, potentially compromising backup infrastructure and stored data.

💻 Affected Systems

Products:
  • HPE StoreOnce Backup Systems
Versions: All versions prior to the patched release
Operating Systems: HPE StoreOnce OS
Default Config Vulnerable: ⚠️ Yes
Notes: Affects all HPE StoreOnce systems regardless of configuration when running vulnerable software versions.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise leading to data exfiltration, ransomware deployment, or destruction of backup data, potentially affecting all systems backed up to the StoreOnce appliance.

🟠 Likely Case

Unauthorized access to backup data, credential theft, lateral movement to connected systems, and potential data corruption.

🟢 If Mitigated

Limited impact due to network segmentation, strict access controls, and monitoring preventing successful exploitation.

🌐 Internet-Facing: HIGH - If exposed to the internet, the system is vulnerable to automated scanning and exploitation attempts.
🏢 Internal Only: HIGH - Even when reachable only internally, the system is exposed to compromised internal systems and malicious insiders.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Command injection vulnerabilities typically have low exploitation complexity once the injection point is identified.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Refer to HPE advisory for specific patched versions

Vendor Advisory: https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbst04847en_us&docLocale=en_US

Restart Required: Yes

Instructions:

1. Review HPE advisory for affected versions.
2. Download appropriate patch from HPE support portal.
3. Apply patch following HPE StoreOnce update procedures.
4. Restart system as required.

🔧 Temporary Workarounds

Network Segmentation

Isolate StoreOnce systems from untrusted networks and limit access to authorized management systems only.

Access Control Restrictions

Implement strict firewall rules and authentication requirements for StoreOnce management interfaces.

🧯 If You Can't Patch

  • Implement strict network segmentation and firewall rules to limit access to StoreOnce management interfaces
  • Enable detailed logging and monitoring for suspicious command execution patterns on StoreOnce systems

🔍 How to Verify

Check if Vulnerable:

Check StoreOnce software version against HPE advisory. Vulnerable if running pre-patch versions.

Check Version:

Check via StoreOnce management interface or CLI: 'show version' or equivalent

Verify Fix Applied:

Verify software version matches or exceeds patched version specified in HPE advisory.

📡 Detection & Monitoring

Log Indicators:

  • Unusual command execution patterns
  • Unexpected process creation
  • Authentication attempts from unusual sources

Network Indicators:

  • Unusual traffic to StoreOnce management ports
  • Suspicious payloads in HTTP requests to management interface

SIEM Query:

Example: 'source="storeonce" AND (process="unusual_command" OR user="unexpected_user")'
