CVE-2025-37096: A command injection remote code execution vulnerability exists in HPE StoreOnce Software.
7.5
CVSS
Description
A command injection remote code execution vulnerability exists in HPE StoreOnce Software.
Classification
CVE ID: CVE-2025-37096
CVSS Base Severity: HIGH
CVSS Base Score: 7.5
CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected Products
Vendor: Hewlett Packard Enterprise (HPE)
Product: HPE StoreOnce Software
Exploit Prediction Scoring System (EPSS)
EPSS Score: 0.42% (probability of being exploited)
EPSS Percentile: 60.98% (scored less or equal to compared to others)
EPSS Date: 2025-06-07 (when was this score calculated)
Stakeholder-Specific Vulnerability Categorization (SSVC)
SSVC Exploitation: none
SSVC Technical Impact: total
SSVC Automatable: false
References
https://nvd.nist.gov/vuln/detail/CVE-2025-37096https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbst04847en_us&docLocale=en_US