CVE-2025-9127

Published: Dec 4, 2025Modified: Feb 3, 2026

8.4

Vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less

Source: psirt@purestorage.com (Secondary)

Description

A vulnerability exists in PX Enterprise whereby sensitive information may be logged under specific conditions.

Affected (5)

Products: Purestorage: Portworx

Purestorage

1 product

Portworx

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Purestorage Portworx	From 3.1.1 to 3.1.9
Purestorage Portworx	From 3.2.0 to 3.2.4
Purestorage Portworx	From 3.3.1 to 3.3.1.3
Purestorage Portworx	Version 2.13.12
Purestorage Portworx	Version 3.3.0

Related CWEs

CWE-116

Improper Encoding or Escaping of Output

The product prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved.

References (1)

https://support.purestorage.com/category/m_pure_storage_product_security

Source: psirt@purestorage.com

Vendor Advisory

Timeline

No history available yet.