DSA-2025-208: Security Update for Dell PowerScale OneFS Multiple Vulnerabilities

Summary: Dell PowerScale OneFS remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.
Check out other resources

Impact

Critical

Details

Third-party Component CVEs More Information
Certifi CVE-2024-39689 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
FreeBSD CVE-2024-53580 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
Python CVE-2024-6923 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
Python-future CVE-2022-40899 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
OpenSSL CVE-2024-2511 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
SQLite CVE-2023-7104 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

 

Proprietary Code CVEs Description CVSS Base Score CVSS Vector String
CVE-2024-53298 Dell PowerScale OneFS versions 9.5.0.0 through 9.5.1.2, versions 9.7.0.0 through 9.7.1.7 and versions 9.8.0.0 through 9.10.0.1, contains a missing authorization vulnerability in the NFS export. An unauthenticated attacker with remote access could potentially exploit this vulnerability leading to unauthorized filesystem access. The attacker may be able to read, modify, and delete arbitrary files. This vulnerability is considered critical as it can be leveraged to fully compromise the system. Dell recommends customers to upgrade at the earliest opportunity. 9.8

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HThis hyperlink is taking you to a website outside of Dell Technologies.
CVE-2025-32753 Dell PowerScale OneFS, versions 9.5.0.0 through 9.7.1.7 and versions 9.8.0.0 through 9.10.0.1, contains an improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to denial of service, information disclosure, and information tampering. 5.3

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:LThis hyperlink is taking you to a website outside of Dell Technologies.

 

Proprietary Code CVEs Description CVSS Base Score CVSS Vector String
CVE-2024-53298 Dell PowerScale OneFS versions 9.5.0.0 through 9.5.1.2, versions 9.7.0.0 through 9.7.1.7 and versions 9.8.0.0 through 9.10.0.1, contains a missing authorization vulnerability in the NFS export. An unauthenticated attacker with remote access could potentially exploit this vulnerability leading to unauthorized filesystem access. The attacker may be able to read, modify, and delete arbitrary files. This vulnerability is considered critical as it can be leveraged to fully compromise the system. Dell recommends customers to upgrade at the earliest opportunity. 9.8

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HThis hyperlink is taking you to a website outside of Dell Technologies.
CVE-2025-32753 Dell PowerScale OneFS, versions 9.5.0.0 through 9.7.1.7 and versions 9.8.0.0 through 9.10.0.1, contains an improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to denial of service, information disclosure, and information tampering. 5.3

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:LThis hyperlink is taking you to a website outside of Dell Technologies.

 

Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products & Remediation

CVEs Addressed Product Affected Versions Remediated Versions Link
CVE-2024-53298, CVE-2025-32753, CVE-2024-39689, CVE-2024-53580, CVE-2022-40899, CVE-2024-2511, CVE-2024-6923, CVE-2023-7104 PowerScale OneFS Versions 9.5.0.0 through 9.10.0.1 Version 9.10.1.0 or later PowerScale OneFS Downloads Area
CVE-2024-53298, CVE-2025-32753, CVE-2024-39689, CVE-2024-53580, CVE-2022-40899, CVE-2024-2511, CVE-2024-6923, CVE-2023-7104 PowerScale OneFS Versions 9.7.0.0 through 9.7.1.7 Version 9.7.1.8 or later PowerScale OneFS Downloads Area
CVE-2024-53298 PowerScale OneFS Versions 9.5.0.0 through 9.5.1.2 Version 9.5.1.3 or later PowerScale OneFS Downloads Area
CVE-2022-40899, CVE-2024-2511, CVE-2024-6923, CVE-2023-7104 PowerScale OneFS Versions 9.5.0.0 through 9.5.1.4 Version 9.5.1.4 or later PowerScale OneFS Downloads Area

 

CVEs Addressed Product Affected Versions Remediated Versions Link
CVE-2024-53298, CVE-2025-32753, CVE-2024-39689, CVE-2024-53580, CVE-2022-40899, CVE-2024-2511, CVE-2024-6923, CVE-2023-7104 PowerScale OneFS Versions 9.5.0.0 through 9.10.0.1 Version 9.10.1.0 or later PowerScale OneFS Downloads Area
CVE-2024-53298, CVE-2025-32753, CVE-2024-39689, CVE-2024-53580, CVE-2022-40899, CVE-2024-2511, CVE-2024-6923, CVE-2023-7104 PowerScale OneFS Versions 9.7.0.0 through 9.7.1.7 Version 9.7.1.8 or later PowerScale OneFS Downloads Area
CVE-2024-53298 PowerScale OneFS Versions 9.5.0.0 through 9.5.1.2 Version 9.5.1.3 or later PowerScale OneFS Downloads Area
CVE-2022-40899, CVE-2024-2511, CVE-2024-6923, CVE-2023-7104 PowerScale OneFS Versions 9.5.0.0 through 9.5.1.4 Version 9.5.1.4 or later PowerScale OneFS Downloads Area

 

Notes:

  1. The Affected Products and Remediation table above may not be a comprehensive list of all affected supported versions and may be updated as more information becomes available.
  2. We encourage all customers to adopt the Long-Term Support (LTS) 2025 version which is 9.10.x code line, with the latest maintenance.
  3. For more information on LTS code lines, see Dell Infrastructure Solutions Group (ISG) LTS Release Support Customer Summary and Security Update Release Schedule for Supported Versions of Dell PowerScale OneFS.

Workarounds & Mitigations

CVE ID Workaround and Mitigation

CVE-2024-53298

The vulnerability applies to all PowerScale OneFS product versions where NFSv3 or NFSv4 is enabled and an export is configured. 

 

Mitigation 

To mitigate the vulnerability without disrupting active client connections, run the following CLI command:

isi nfs export reload --zone=zone_name

This command reloads the NFS export configuration for the specified zone, reinstating proper authorization checks and mitigating the vulnerability.

Because it is a temporary fix, the vulnerability may reoccur after zone reactivation events like IP changes, interface updates, network pool changes, or node additions/removals. Run the command again after these events to keep the system protected.

 

Impact of Applying the Mitigation 

  • Existing client connections remain active and uninterrupted.
  • New mounts may experience a brief delay (less than 1 second) before succeeding.
  • Active operations are unaffected because NFS clients automatically retry during transient unavailability.

 

Note: Customers should upgrade to a remediated version as soon as possible to permanently fix CVE-2024-53298.


    

   
  

  
 


    
Revision History

    
RevisionDateDescription
1.02025-06-04Initial Release
2.02025-06-30Update to include 9.5.1.4 remediated version and CVE-2022-40899, CVE-2024-2511, CVE-2024-6923, CVE-2023-7104
3.02025-07-24Update to Workaround and Mitigation; no other changes
4.02025-08-25Updates to Workaround and Mitigation and Additional Information sections
5.02025-10-22Removed SupportAssist
6.02025-12-05Revised the Third-party components table
7.02025-12-22Update to Workaround and Mitigation; no other changes


 

    
Acknowledgements

    

 
 
  
Dell would like to thank zzcentury from Ubisectech Sirius Team for reporting CVE-2025-32753.

 


    
Related Information

    
Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide


        


        

        
Legal Disclaimer

        

        
Affected Products

        PowerScale OneFS







                        

                            

    

        

            

                
                    
 Article Properties

                
            

            

                

                        
Article Number: 000326339

                

                
                

                        
Article Type: Dell Security Advisory

                

                

                        
Last Modified: 22 Dec 2025


                


            


        

    

    

        

            

                
                    
Find answers to your questions from other Dell users

                
            

            

                

                    
                



            


        

    

    

        

            

                
                    
Support Services

                
            

            

                

                    Check if your device is covered by Support Services.