Sensitive Information Exposure in Dell PowerScale OneFS
CVE-2025-43937

6.6 MEDIUM

Key Information:

Vendor: Dell

CVE Published: 16 April 2026

What is CVE-2025-43937?

Dell PowerScale OneFS, in versions prior to 9.12.0.0, contains a flaw in its logging mechanism that an attacker with local access can exploit. The flaw may cause sensitive information to be written to log files, potentially exposing user credentials. An attacker leveraging this exposure could gain unauthorized access to the application with the privileges of the compromised account, raising significant security concerns for users and administrators.

Affected Version(s)

PowerScale OneFS 9.5.0.0 < 9.10.1.3

PowerScale OneFS 0 < 9.12.0.0

PowerScale OneFS 9.7.0.0 < 9.7.1.9

CVSS V3.1

Score: 6.6
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
