Incorrect Authorization Flaw in Dell PowerScale OneFS
CVE-2025-26330
7 HIGH
Summary
Dell PowerScale OneFS versions 9.4.0.0 through 9.10.0.1 contain an incorrect authorization vulnerability that an unauthenticated attacker with local access could exploit. The flaw potentially allows the attacker to gain unauthorized access to the cluster with the privileges of a disabled user account, which poses a serious security risk for organizations relying on this data management solution.
Affected Version(s)
PowerScale OneFS 9.4.0.0 <= 9.10.0.1
PowerScale OneFS 9.7.0.0 <= 9.7.1.4
CVSS V3.1
Score: 7
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: High
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved