Dell Alerts Users to Critical PowerScale OneFS Flaws Enabling Account Takeover

Dell Technologies has issued an urgent security advisory to its users, warning of several critical vulnerabilities in its PowerScale OneFS operating system.

These flaws, if exploited, could allow attackers to take over high-privileged user accounts, bypass authorization controls, and disrupt system operations.

The vulnerabilities, tracked under multiple CVEs, range in severity and attack vectors.

They span versions of PowerScale OneFS from 9.4.0.0 to 9.10.1.0, with potential impacts including account takeover, unauthorized access, and denial of service.

Key Details of the Vulnerabilities

CVE-2025-27690

• Description: A use of default password vulnerability exists in PowerScale OneFS versions 9.5.0.0 through 9.10.1.0. An unauthenticated attacker with remote access could exploit this flaw to gain control over a high-privileged user account.
• CVSS Base Score: 9.8 (Critical)
• CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE-2025-26330

• Description: Found in PowerScale OneFS versions 9.4.0.0 through 9.10.0.1, this vulnerability allows an unauthenticated attacker with local access to leverage incorrect authorization protocols to access a cluster with the privileges of a disabled user account.
• CVSS Base Score: 7.0 (High)
• CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

CVE-2025-22471

• Description: Present in versions 9.4.0.0 through 9.10.0.1, this integer overflow vulnerability enables unauthenticated remote attackers to cause denial of service.
• CVSS Base Score: 6.5 (Medium)
• CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Affected Products and Remediation

Dell urges all PowerScale OneFS users to upgrade their systems to the latest remediated versions to protect against these critical vulnerabilities.

Below is a summary of the affected products, versions, and remediation details:

CVEs Addressed	Product	Affected Versions	Remediated Versions
CVE-2025-23378	PowerScale OneFS	9.4.0.0 through 9.10.0.0	9.10.1.1 or later
CVE-2025-26479, CVE-2025-26330, CVE-2025-22471	PowerScale OneFS	9.4.0.0 through 9.10.0.1	9.10.1.1 or later
CVE-2025-26480	PowerScale OneFS	9.5.0.0 through 9.10.0.0	9.10.1.1 or later
CVE-2025-22471	PowerScale OneFS	9.4.0.0 through 9.4.0.20	9.4.0.21 or later

Dell strongly recommends updating affected systems immediately to prevent exploitation.

Admins should check their current software versions and apply the patches available in the PowerScale OneFS Downloads Area.

These vulnerabilities highlight the importance of maintaining regular software updates to prevent serious security risks.

Find this News Interesting! Follow us on Google News, LinkedIn, & X to Get Instant Updates!