CVE-2025-36572

Published: May 28, 2025Modified: Jun 9, 2025

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: security_alert@emc.com (Secondary)

Description

Dell PowerStore, version(s) 4.0.0.0, contain(s) an Use of Hard-coded Credentials vulnerability in the PowerStore image file. A low privileged attacker with remote access, with the knowledge of the hard-coded credentials, could potentially exploit this vulnerability to gain unauthorized access based on the hardcoded account's privileges.

Affected (1)

Products: Dell: Powerstoreos

Dell

1 product

Powerstoreos

Configuration A

1 vulnerable · 11 platform

Vulnerable Software	Affected Versions
Dell Powerstoreos	Before 4.0.1.3-2494147

Running on/with	Platform Versions
Dell Powerstore 1000t	All versions
Dell Powerstore 1200t	All versions
Dell Powerstore 3000t	All versions
Dell Powerstore 3200q	All versions
Dell Powerstore 3200t	All versions
Dell Powerstore 5000t	All versions
Dell Powerstore 500t	All versions
Dell Powerstore 5200t	All versions
Dell Powerstore 7000t	All versions
Dell Powerstore 9000t	All versions
Dell Powerstore 9200t	All versions

Related CWEs

CWE-798

Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

References (1)

https://www.dell.com/support/kbdoc/en-us/000325205/dsa-2025-223-dell-powerstore-t-security-update-for-multiple-vulnerabilities

Source: security_alert@emc.com

Vendor Advisory

Timeline

No history available yet.