- 119/2025
- Critical
Aruba has released a security update to fix several vulnerabilities affecting HPE Aruba StoreOnce Software.
The addressed vulnerabilities could allow the remote attacker to obtain sensitive information, perform server-side request forgery attacks, manipulate data, bypass security restrictions, or execute arbitrary code and gain access to the affected systems.
Sample of the addressed vulnerabilities:
1. HPE Aruba StoreOnce Authentication Bypass Vulnerability (CVE-2025-37093):
- CVSS: 9.8
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Gain Access
2. HPE Aruba StoreOnce Server-Side Request Forgery Vulnerability (CVE-2025- 37090):
- CVSS: 5.3
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Server-Side Request Forgery
Vulnerabilities
- CVE-2025-37089
- CVE-2025-37090
- CVE-2025-37091
- CVE-2025-37092
- CVE-2025-37093
- CVE-2025-37094
- CVE-2025-37095
- CVE-2025-37096
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.