CVE-2025-37087 – HPE Performance Cluster Manager (HPCM) Arbitrary File Access Vulnerability

April 22, 2025

CVE ID : CVE-2025-37087

Published : April 22, 2025, 9:15 p.m. | 1 hour, 35 minutes ago

Description : A vulnerability in the cmdb service of the HPE Performance Cluster Manager (HPCM) could allow an attacker to gain access to an arbitrary file on the server host.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-27087 – Cray Operating System (COS) Kernel Local Denial of Service (DoS)

Next Article CVE-2025-32965 – XRP Ledger Malicious Code Exfiltration in xrpl.js

Highlights

CVE-2025-24291 – “Versa Networks Director Java Argument Injection Vulnerability”

June 18, 2025

CVE ID : CVE-2025-24291

Published : June 19, 2025, 12:15 a.m. | 1 hour, 47 minutes ago

Description : The Versa Director SD-WAN orchestration platform provides functionality to upload various types of files. However, the Java code handling file uploads contains an argument injection vulnerability. By appending additional arguments to the file name, an attacker can bypass MIME type validation, allowing the upload of arbitrary file types. This flaw can be exploited to place a malicious file on disk.

Versa Networks is not aware of any reported instance where this vulnerability was exploited. Proof of concept for this vulnerability has been disclosed by third party security researchers.

There are no workarounds to disable the GUI option. Versa recommends that Director be upgraded to one of the remediated software versions.

Severity: 6.1 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CodeSOD: A Unique Way to Primary Key

BrowserStack launches Figma plugin for detecting accessibility issues in design phase

Parasoft brings agentic AI to service virtualization in latest release

Node.js vs. Python for Backend: 7 Reasons C-Level Leaders Choose Node.js Talent

The best CRM software with email marketing in 2025: Expert tested and reviewed

This multi-port car charger can power 4 gadgets at once – and it’s surprisingly cheap

I’m a wearables editor and here are the 7 Pixel Watch 4 rumors I’m most curious about

8 ways I quickly leveled up my Linux skills – and you can too

The Intersection of Agile and Accessibility – A Series on Designing for Everyone

The Intersection of Agile and Accessibility – A Series on Designing for Everyone

Zero Trust & Cybersecurity Mesh: Your Org’s Survival Guide

Execute Ping Commands and Get Back Structured Data in PHP

A Tomb Raider composer has been jailed — His legacy overshadowed by $75k+ in loan fraud

A Tomb Raider composer has been jailed — His legacy overshadowed by $75k+ in loan fraud

“I don’t think I changed his mind” — NVIDIA CEO comments on H20 AI GPU sales resuming in China following a meeting with President Trump

Galaxy Z Fold 7 review: Six years later — Samsung finally cracks the foldable code

CVE-2025-37087 – HPE Performance Cluster Manager (HPCM) Arbitrary File Access Vulnerability

CVE-2025-44658 – Netgear RAX30 PHP-FPM Misconfigured Extension Bypass Vulnerability

CVE-2025-7393 – Drupal Mail Login Authentication Bypass

CVE-2025-52821 – Thanhtungtnt Video List Manager SQL Injection

Musical Ghost Hunt Meets Hotel Rehab in Xbox’s New Simulator

CVE-2025-7518 – RSFirewall! WordPress Path Traversal Vulnerability

Google’s popular AI tool gets its own Android app – how to use NotebookLM on your phone

CVE-2025-24291 – “Versa Networks Director Java Argument Injection Vulnerability”

Transformer Meets Diffusion: How the Transfusion Architecture Empowers GPT-4o’s Creativity

NVIDIA Introduces ProRL: Long-Horizon Reinforcement Learning Boosts Reasoning and Generalization

The Service Library Service

CVE-2025-37087 – HPE Performance Cluster Manager (HPCM) Arbitrary File Access Vulnerability

Related Posts