Authorization Bypass in Dell PowerScale OneFS Affects User Shares
CVE-2025-43724

4.4 MEDIUM

Key Information:

Vendor: Dell

CVE Published: 8 October 2025

What is CVE-2025-43724?

Dell PowerScale OneFS is susceptible to an authorization bypass due to inadequate controls on user-defined keys. A high-privileged attacker with local access could exploit this vulnerability to gain unauthorized access to sensitive NFSv4 or SMB shares. Users are advised to upgrade to version 9.12.0.0 or later to mitigate the risk associated with this vulnerability.

Affected Version(s)

PowerScale OneFS < 9.12.0.0

CVSS V3.1

Score: 4.4
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Local
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
