Sensitive Credential Information stored insecurely in System Database_CVE-2025-37110

6 / 10

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

Description

A vulnerability was discovered in the storage policy for certain sets of sensitive credential information in the HPE Telco Network Function Virtual Orchestrator. Successful Exploitation could lead to unauthorized parties gaining access to sensitive system information.

Basic Information

ID CVE-2025-37110

Source hpe

Published Jul 31, 2025 at 19:41

Modified Jul 31, 2025 at 20:03

Affected Product

Vendor Hewlett Packard Enterprise

Product HPE Telco Network Function Virtual Orchestrator

Version 7.0.0

Affected Versions Hewlett Packard Enterprise HPE Telco Network Function Virtual Orchestrator 7.0.0

CWE Classification

CWE-922

References

support.hpe.com /hpesc/public/docDisplay

{
    "lastseen": "",
    "description": "A vulnerability was discovered in the storage policy for certain sets of sensitive credential information in the HPE Telco Network Function Virtual Orchestrator. Successful Exploitation could lead to unauthorized parties gaining access to sensitive system information.",
    "published": "2025-07-31T19:41:39.665Z",
    "modified": "2025-07-31T20:03:53.635Z",
    "type": "cve",
    "title": "Sensitive Credential Information stored insecurely in System Database",
    "source": "hpe",
    "references": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04891en_us",
    "id": "CVE-2025-37110",
    "bulletinFamily": "",
    "cwe": [
        "CWE-922"
    ],
    "cvelist": null,
    "sourceData": "Hewlett Packard Enterprise HPE Telco Network Function Virtual Orchestrator 7.0.0",
    "sourceHref": "",
    "cvss": {
        "score": 6,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "HPE Telco Network Function Virtual Orchestrator",
    "version": "7.0.0",
    "vendor": "Hewlett Packard Enterprise",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}