CVE-2025-26330

Published: Apr 10, 2025Modified: Jul 15, 2025

7.0

Vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.0 / Impact: 5.9

Source: security_alert@emc.com (Secondary)

Description

Dell PowerScale OneFS, versions 9.4.0.0 through 9.10.0.1, contains an incorrect authorization vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability to access the cluster with previous privileges of a disabled user account.

Affected (1)

Products: Dell: Powerscale Onefs

1 product

Powerscale Onefs

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Dell Powerscale Onefs	From 9.4.0 to 9.10.1.1

Related CWEs

Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

References (1)

https://www.dell.com/support/kbdoc/en-us/000300860/dsa-2025-119-security-update-for-dell-powerscale-onefs-for-multiple-security-vulnerabilities

Source: security_alert@emc.com

Vendor Advisory

Timeline

No history available yet.