Use of Hard-coded Credentials in Dell PowerStore
CVE-2025-36572

6.5MEDIUM

Key Information:

Vendor: Dell
Status: Powerstore
Vendor: CVE Published:; 28 May 2025

What is CVE-2025-36572?

The Dell PowerStore product line has been identified to contain a vulnerability related to hard-coded credentials within its image file. This issue allows a low-privileged attacker, equipped with remote access and knowledge of the hard-coded credentials, to exploit this flaw. If successfully exploited, the attacker could gain unauthorized access to the system, utilizing the privileges associated with the compromised account. This vulnerability highlights the importance of addressing hard-coded credentials in systems to mitigate potential security risks.

Affected Version(s)

PowerStore < 4.0.1.3-2494147

References

https://www.dell.com/support/kbdoc/en-us/000325205/dsa-20...

vendor-advisory

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 28, 2025
Vulnerability Reserved
Apr 15, 2025