- HPE PATCHES EIGHT MISSING IN THE BIGONCE -Platform
- Among the shortcomings is a critical difficulty approval compass
- There are no solutions and users are advised to patch up
Hewlett Packard Enterprise (HPE) has revealed latations for a number of dangerous deficiencies affecting its databack and recovery solution, BigEnonce, including an error in critical difficulty that allows threat actors to gain full access to the vulnerable system without user interaction.
The error is traced as CVE-2025-37093 and is described as an approval compass error derived from incorrect approval management. It has a severity of 9.8/10 (critical) and can potentially be abused to compromise system integrity, allow threat players to access sensitive data and lead to various disorders and accessibility problems.
Crooks could use it to implement ransomware, steal sensitive data or move laterally through the target network.
Eight Missing Lapped
In HPE’s advice, the company said all versions before 4.3.11 were vulnerable and have encouraged users to update their software as soon as possible.
There are no other formations or solutions, so if you can’t update your instance right away, it would be best to remove the product until you can patch it.
The questions were allegedly discovered seven months ago, but apparently no one abused it in nature so far.
In total, HPE eight is missing this time. While the approval round is the most serious, others are also potentially dangerous.
Here is a list of other seven deficiencies attached in version 4.3.11:
CVE-2025-37089 Execution of Remote Code
CVE-2025-37090 request on server-side forgery
CVE-2025-37091 Execution of Remote Code
CVE-2025-37092 Execution of Remote Code
CVE-2025-37094-DIRectory Traversal arbitrary Filsletion
CVE-2025-37095-DIRectory Traversal Information Information
CVE-2025-37096 Execution of Remote Code
HPE StoreSonce is a disk-based backup and recovery system that uses data duplication to reduce storage needs. It is usually used by businesses, state agencies and medium-sized companies with complex IT environments.
StoreSonce supports integration with other backup and company software, such as HPE Data Protector, VEEAM, Veritas Netbackup, CommvAult and Microsoft Data Protection Manager. It also connects with sky storage through the storage of HPE Cloud Bank.
Via Bleeping computer
