Dell Releases Patches for Multiple PowerScale OneFS Security Vulnerabilities
Summary
Dell Technologies Security Advisory
| OEM | Dell |
| Severity | Critical |
| CVSS | 9.8 |
| CVEs | CVE-2025-27690, CVE-2025- 26330, CVE-2025-22471 |
| Exploited in Wild | No |
| Patch/Remediation Available | Yes |
| Advisory Version | 1.0 |
Overview
Dell Technologies has released security updates addressing multiple vulnerabilities of varying severity in its PowerScale OneFS operating system.
These vulnerabilities could be exploited by attackers to gain control of high-privilege accounts, bypass security mechanisms, or disrupt system functionality. Dell has issued patches for several of these issues, a summary of some key vulnerabilities is provided in the table below.
| Vulnerability Name | CVE ID | Product Affected | Severity |
| Default Password Vulnerability | CVE-2025-27690 | PowerScale OneFS | Critical |
| Incorrect Authorization Vulnerability | CVE-2025-26330 | PowerScale OneFS | High |
| Integer Overflow or Wraparound Vulnerability | CVE-2025-22471 | PowerScale OneFS | Medium |
Technical Summary
| CVE ID | System Affected | Vulnerability Details | Impact | Affected Version |
| CVE-2025-27690 | PowerScale OneFS | Dell PowerScale OneFS multiple versions contain a default password vulnerability where an unauthenticated remote attacker could potentially exploit this vulnerability, leading to the privilege escalation. | Gain Privileges or Assume Identity | Versions 9.5.0.0 through 9.10.1.0 |
| CVE-2025-26330 | PowerScale OneFS | Dell PowerScale OneFS multiple versions contain an incorrect authorization vulnerability where unauthenticated local attacker could potentially exploit this vulnerability to access the cluster with previous privileges of a disabled user account. | Unauthorized Access | Versions 9.4.0.0 through 9.10.0.1 |
| CVE-2025-22471 | PowerScale OneFS | Dell PowerScale OneFS multiple versions contain an integer overflow or wraparound vulnerability where an unauthenticated remote attacker exploits this which leads to denial of service. | Service unavailable | Versions 9.4.0.0 through 9.10.0.1 |
Remediation:
It has been recommended to upgrade to the following versions to address the security risks
| OneFS Version | Updated Version |
| 9.10.x.x | 9.10.1.1 |
| 9.9.x.x | 9.9.0.2 |
| 9.8.x.x | 9.8.0.3 |
| 9.7.x.x | 9.7.1.7 |
| 9.5.x.x | 9.5.1.3 |
Workaround for CVE-2025-27690
It’s always recommended to update to the latest version. If you’re unable to upgrade immediately, you can follow the workarounds provided by the vendor from here.
References:
Recent Posts
- Critical Session Management Vulnerability in Apache Roller
- Dell Releases Patches for Multiple PowerScale OneFS Security Vulnerabilities
- Critical Flaw in FortiSwitch of Fortinet Allows Attackers to Change Admin Password
- April Zero-Day Threats Addressed in Microsoft’s Patch Tuesday
- Spoofing Vulnerability in WhatsApp Desktop for Windows
Recent Comments
Search
Recent Comments
Recent Posts
- Critical Session Management Vulnerability in Apache Roller 15 April 2025
- Dell Releases Patches for Multiple PowerScale OneFS Security Vulnerabilities 13 April 2025
- Critical Flaw in FortiSwitch of Fortinet Allows Attackers to Change Admin Password 10 April 2025
- April Zero-Day Threats Addressed in Microsoft’s Patch Tuesday 9 April 2025
Archives
- April 2025 (10)
- March 2025 (21)
- February 2025 (18)
- January 2025 (22)
- December 2024 (10)
- November 2024 (8)
- October 2024 (6)
- September 2024 (3)
- October 2023 (9)
- June 2023 (4)