ByteOS Network

Vulnerability Details :

CVE-2025-37110

Assigner-hpe

Assigner Org ID-eb103674-0d28-4225-80f8-39fb86215de0

Published At-31 Jul, 2025 | 19:41

Updated At-31 Jul, 2025 | 20:03

Sensitive Credential Information stored insecurely in System Database

A vulnerability was discovered in the storage policy for certain sets of sensitive credential information in the HPE Telco Network Function Virtual Orchestrator. Successful Exploitation could lead to unauthorized parties gaining access to sensitive system information.

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:hpe

Assigner Org ID:eb103674-0d28-4225-80f8-39fb86215de0

Published At:31 Jul, 2025 | 19:41

Updated At:31 Jul, 2025 | 20:03

▼CVE Numbering Authority (CNA)

Sensitive Credential Information stored insecurely in System Database

Affected Products

Vendor

Hewlett Packard Enterprise (HPE)

Product

HPE Telco Network Function Virtual Orchestrator

Default Status

unaffected

Versions

Affected

From 7.0.0 through 7.3.0 (semver)

Problem Types

Type	CWE ID	Description
CWE	CWE-922	CWE-922 Insecure Storage of Sensitive Information

Type: CWE

CWE ID: CWE-922

Description: CWE-922 Insecure Storage of Sensitive Information

Metrics

Version	Base score	Base severity	Vector
3.1	6.0	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

Version: 3.1

Base score: 6.0

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

References

Hyperlink	Resource
https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04891en_us	N/A

Hyperlink: https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04891en_us

Resource: N/A

▼Authorized Data Publishers (ADP)

CISA ADP Vulnrichment

Metrics Other Info

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:security-alert@hpe.com

Published At:31 Jul, 2025 | 20:15

Updated At:04 Aug, 2025 | 15:06

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	6.0	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

Type: Secondary

Version: 3.1

Base score: 6.0

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

Weaknesses

CWE ID	Type	Source
CWE-922	Secondary	security-alert@hpe.com

CWE ID: CWE-922

Type: Secondary

Source: security-alert@hpe.com

References

Hyperlink	Source	Resource
https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04891en_us	security-alert@hpe.com	N/A

Hyperlink: https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04891en_us

Source: security-alert@hpe.com

Resource: N/A

Similar CVEs

4Records found

CVE-2025-37112

Matching Score-8

Assigner-Hewlett Packard Enterprise (HPE)

View Details

Matching Score-8

Assigner-Hewlett Packard Enterprise (HPE)

CVSS Score-6||MEDIUM

EPSS-0.01% / 0.48%

7 Day CHG~0.00%

Published-31 Jul, 2025 | 19:42

Updated-04 Aug, 2025 | 15:06

Hard-Coded Encryption Keys found in System

A vulnerability was discovered in the storage policy for certain sets of encryption keys in the HPE Telco Network Function Virtual Orchestrator. Successful Exploitation could lead to unauthorized parties gaining access to sensitive system information.

Vendor-Hewlett Packard Enterprise (HPE)

Product-HPE Telco Network Function Virtual Orchestrator

CWE ID-CWE-798

Use of Hard-coded Credentials

CVE-2025-37111

Matching Score-8

Assigner-Hewlett Packard Enterprise (HPE)

View Details

Matching Score-8

Assigner-Hewlett Packard Enterprise (HPE)

CVSS Score-6||MEDIUM

EPSS-0.02% / 2.62%

7 Day CHG~0.00%

Published-31 Jul, 2025 | 19:41

Updated-04 Aug, 2025 | 15:06

Hard-Coded Authentication Keys found in System

A vulnerability was discovered in the storage policy for certain sets of authentication keys in the HPE Telco Network Function Virtual Orchestrator. Successful Exploitation could lead to unauthorized parties gaining access to sensitive system information.

Vendor-Hewlett Packard Enterprise (HPE)

Product-HPE Telco Network Function Virtual Orchestrator

CWE ID-CWE-798

Use of Hard-coded Credentials

CVE-2022-38090

Matching Score-4

Assigner-Intel Corporation

View Details

Matching Score-4

Assigner-Intel Corporation

CVSS Score-6||MEDIUM

EPSS-0.05% / 14.60%

7 Day CHG~0.00%

Published-16 Feb, 2023 | 20:00

Updated-28 Jan, 2025 | 16:15

Improper isolation of shared resources in some Intel(R) Processors when using Intel(R) Software Guard Extensions may allow a privileged user to potentially enable information disclosure via local access.

Vendor-n/a Intel Corporation

CWE ID-CWE-922

Insecure Storage of Sensitive Information

CVE-2021-28815

Matching Score-4

Assigner-QNAP Systems, Inc.

View Details

Matching Score-4

Assigner-QNAP Systems, Inc.

CVSS Score-6||MEDIUM

EPSS-0.11% / 29.94%

7 Day CHG~0.00%

Published-16 Jun, 2021 | 04:00

Updated-17 Sep, 2024 | 01:16

Insecure Storage of Sensitive Information in myQNAPcloud Link

Insecure storage of sensitive information has been reported to affect QNAP NAS running myQNAPcloud Link. If exploited, this vulnerability allows remote attackers to read sensitive information by accessing the unrestricted storage mechanism. This issue affects: QNAP Systems Inc. myQNAPcloud Link versions prior to 2.2.21 on QTS 4.5.3; versions prior to 2.2.21 on QuTS hero h4.5.2; versions prior to 2.2.21 on QuTScloud c4.5.4.

Vendor-QNAP Systems, Inc.

Product-quts_hero myqnapcloud_link qutscloud qts myQNAPcloud Link

CWE ID-CWE-922

Insecure Storage of Sensitive Information

CVE-2025-37110

Credits

Sensitive Credential Information stored insecurely in System Database

Vendors

Products

Metrics (CVSS)

Weaknesses

Attack Patterns

Solution/Workaround

References

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

Stakeholder-Specific Vulnerability Categorization (SSVC)

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History

Similar CVEs