HPE security advisory (AV25-427)

Serial number: AV25-427
Date: July 16, 2025

On July 16, 2025, HPE published security advisories to address vulnerabilities in the following products:

• HPE Telco Service Orchestrator – versions prior to v5.2.1
• HPE Cray XD670 – version prior to TPM Firmware v7.86
• HPE Cray XD675 – version prior to TPM Firmware v15.24

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• HPE Security Bulletin - HPESBNW04875 rev.1 - HPE Telco Service Orchestrator Software, Authenticated SQL Injection
• HPESBCR04898 rev.1 - Certain HPE Cray XD Servers Using Certain TPM 2.0, Local Denial of Service Vulnerability
• HPE Security Bulletin Library