CVE-2025-37094
📋 TL;DR
This vulnerability allows attackers to delete arbitrary files on HPE StoreOnce backup appliances through directory traversal techniques. It affects HPE StoreOnce Software installations, potentially compromising data integrity and availability. Attackers could exploit this to delete critical system or backup files.
💻 Affected Systems
- HPE StoreOnce Software
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise through deletion of critical operating system files, rendering the appliance inoperable and causing permanent data loss.
Likely Case
Selective deletion of backup data or configuration files, disrupting backup operations and potentially causing data recovery challenges.
If Mitigated
Limited impact with proper network segmentation and access controls, potentially only affecting non-critical files.
🎯 Exploit Status
Directory traversal vulnerabilities are typically straightforward to exploit once the attack vector is identified. Requires authenticated access to the vulnerable interface.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Refer to HPE security bulletin HPEBSN04847 for specific patched versions
Vendor Advisory: https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbst04847en_us&docLocale=en_US
Restart Required: Yes
Instructions:
1. Review HPE security bulletin HPEBSN04847.
2. Download the appropriate firmware update from the HPE Support Portal.
3. Apply the firmware update following HPE StoreOnce update procedures.
4. Restart the appliance as required by the update process.
🔧 Temporary Workarounds
Restrict Network Access
Limit access to the StoreOnce management interface to trusted administrative networks only
Configure firewall rules to restrict access to StoreOnce management IP/ports
Implement Least Privilege
Restrict administrative access to only necessary personnel and monitor privileged account usage
Review and tighten user access controls in StoreOnce management interface
🧯 If You Can't Patch
- Implement strict network segmentation to isolate StoreOnce appliances from untrusted networks
- Enable comprehensive logging and monitoring of file deletion activities on StoreOnce systems
🔍 How to Verify
Check if Vulnerable:
Check current firmware version against HPE security bulletin HPEBSN04847 for affected versions
Check Version:
Check firmware version via StoreOnce management interface or CLI (specific command varies by version)
Verify Fix Applied:
Verify firmware version has been updated to patched version specified in HPE advisory
📡 Detection & Monitoring
Log Indicators:
- Unusual file deletion patterns
- Multiple failed file access attempts with traversal patterns
- Administrative actions from unexpected sources
Network Indicators:
- HTTP requests containing directory traversal sequences to StoreOnce management interface
SIEM Query:
source="storeonce" AND (event_type="file_delete" OR http_uri CONTAINS "../")
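A literal match on "../" misses percent-encoded, double-encoded and backslash variants of the same sequence. The following is an added example, not part of this advisory or of any HPE tooling: it normalizes request URIs before matching and flags repeat sources, run over constructed sample lines in an assumed access-log format (real StoreOnce log layout will differ and the parsing regex would need adjusting).

```python
import re
from collections import Counter
from urllib.parse import unquote

# Constructed sample lines (not real StoreOnce logs); assumed format is "<ts> <client_ip> <user> <method> <uri> <status>".
SAMPLE_LOGS = [
    "2025-06-01T10:00:01Z 10.0.5.20 admin GET /api/v1/files?path=backups/daily.tar 200",
    "2025-06-01T10:00:07Z 198.51.100.9 admin DELETE /api/v1/files?path=../../etc/passwd 403",
    "2025-06-01T10:00:09Z 198.51.100.9 admin DELETE /api/v1/files?path=%2e%2e%2f%2e%2e%2fetc%2fshadow 403",
    "2025-06-01T10:00:12Z 198.51.100.9 admin DELETE /api/v1/files?path=..%5c..%5cwindows 403",
    "2025-06-01T10:01:00Z 10.0.5.20 backupop DELETE /api/v1/files?path=backups/old.tar 200",
]

LOG_RE = re.compile(r"^(?P<ts>\S+) (?P<ip>\S+) (?P<user>\S+) (?P<method>\S+) (?P<uri>\S+) (?P<status>\d{3})$")
# Deliberately broad hunt rule: any ".." segment followed by a separator or end of string.
TRAVERSAL_RE = re.compile(r"\.\.(?:/|$)")


def normalize_uri(uri: str) -> str:
    """Percent-decode repeatedly (bounded) to defeat double encoding, then unify separators."""
    decoded = uri
    for _ in range(3):
        nxt = unquote(decoded)
        if nxt == decoded:
            break
        decoded = nxt
    return decoded.replace("\\", "/")


def has_traversal(uri: str) -> bool:
    """True if the request URI contains a traversal sequence after normalization."""
    return TRAVERSAL_RE.search(normalize_uri(uri)) is not None


def scan_logs(lines):
    """Return one alert dict per request whose URI carries a traversal sequence."""
    alerts = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or not has_traversal(m["uri"]):
            continue
        rec = m.groupdict()
        # A DELETE carrying traversal is the trace this CVE's abuse would leave; rank it higher.
        rec["severity"] = "high" if rec["method"] == "DELETE" else "medium"
        alerts.append(rec)
    return alerts


def repeat_offenders(alerts, threshold=2):
    """Sources with at least `threshold` traversal hits (the 'multiple attempts' indicator above)."""
    counts = Counter(a["ip"] for a in alerts)
    return {ip: n for ip, n in counts.items() if n >= threshold}
```

The status code is kept in each alert so that a run of 403s from one source (blocked attempts) can be separated from a 200 on a DELETE with traversal, which warrants immediate investigation.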