Ref# ADV2025_207 | Date: Jul 17th 2025

---

HPE has published a security advisory highlighting vulnerabilities in the following products on July 16th, 2025. It is recommended that you take the necessary precautions by ensuring your products are always updated. 

• HPE Telco Service Orchestrator – versions prior to v5.2.1 
• HPE Cray XD670 – version prior to TPM Firmware v7.86 
• HPE Cray XD675 – version prior to TPM Firmware v15.24 

For more information on these updates, you can follow these URLs: 

• HPE Security Bulletin – HPESBNW04875 rev.1 – HPE Telco Service Orchestrator Software, Authenticated SQL Injection 
• HPESBCR04898 rev.1 – Certain HPE Cray XD Servers Using Certain TPM 2.0, Local Denial of Service Vulnerability

The Guyana National CIRT recommends that users and administrators review these updates and apply them where necessary. 

PDF Download: HPE Security Advisory

References 

• HPE Security Bulletin Library. (July 16th, 2025). Retrieved from HPE. https://support.hpe.com/connect/s/securitybulletinlibrary?language=en_US 
• HPE Security Advisory. (July 16th, 2025). Retrieved from Canadian Centre for Cyber Security. https://www.cyber.gc.ca/en/alerts-advisories/hpe-security-advisory-av25-427