Skip to main content
A Singapore Government Agency Website How to identify
Official website links end with .gov.sg
Government agencies communicate via .gov.sg websites (e.g. go.gov.sg/open). Trusted websites
Secure websites use HTTPS
Look for a lock () or https:// as an added precaution. Share sensitive information only on official, secure websites.

Government officials will never ask you to transfer money or disclose bank log-in details over a phone call.

Call the 24/7 ScamShield Helpline at 1799 if you are unsure if something is a scam.

Cyber Security Agency of Singapore
Alerts

Critical Vulnerability in Hewlett Packard Enterprise StoreOnce Software

5 June 2025

Hewlett Packard Enterprise (HPE) has released security updates to address a critical vulnerability (CVE-2025-37093) impacting StoreOnce, its disk-based backup and deduplication solution.

Background

Hewlett Packard Enterprise (HPE) has released security updates to address a critical vulnerability (CVE-2025-37093) impacting StoreOnce, its disk-based backup and deduplication solution. The vulnerability has a Common Vulnerability Scoring System (CVSSv3.1) score of 9.8 out of 10.

Impact

Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on victims’ systems in HPE StoreOnce Software.

Affected Products

This vulnerability affects all HPE StoreOnce Software versions prior to v4.3.11.

Mitigation

Users and administrators of affected products are advised to update to the latest versions.

References

https://nvd.nist.gov/vuln/detail/CVE-2025-37093

https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbst04847en_us&docLocale=en_US

https://www.bleepingcomputer.com/news/security/hewlett-packard-enterprise-warns-of-critical-storeonce-auth-bypass/amp/


Back to top