DSA-2025-154: Security Update for Dell ECS and ObjectScale Use of Hard-coded SSH Cryptographic Key Vulnerability

Summary: Dell ECS and ObjectScale remediation is available for use of hard-coded SSH cryptographic key vulnerability that could be exploited by malicious users to compromise the affected system. ...

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.
Check out other resources

Impact

High

Additional Details

This Security Advisory communicates vulnerabilities affecting versions prior to ECS 3.8.1.5 and ObjectScale 4.0.0.0 only when those versions are reached through an upgrade path. Fresh installations of ECS 3.8.0.x, ECS 3.8.1.x and ObjectScale 4.0.0.x or later are not affected. To mitigate the vulnerabilities, customers must first upgrade to a remediated version, then perform the ‘Rotate SSH Keys’ procedure referenced in the ‘Workaround and Mitigation’ section.

Details

Proprietary Code CVEs Description CVSS Base Score CVSS Vector String
CVE-2025-26476 Dell ECS versions prior to 3.8.1.5/ ObjectScale version 4.0.0.0, contain a Use of Hard-coded Cryptographic Key vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to Unauthorized access. 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HThis hyperlink is taking you to a website outside of Dell Technologies.

 

Proprietary Code CVEs Description CVSS Base Score CVSS Vector String
CVE-2025-26476 Dell ECS versions prior to 3.8.1.5/ ObjectScale version 4.0.0.0, contain a Use of Hard-coded Cryptographic Key vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to Unauthorized access. 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HThis hyperlink is taking you to a website outside of Dell Technologies.

 

Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products & Remediation

Product Affected Versions Remediated Versions Link
ECS Versions prior to 3.8.1.5 Version 3.8.1.5 or later Open a Service Request for an Operating Environment Upgrade and Quote DSA-2025-154
ObjectScale Version 4.0.0.0 Version 4.0.0.0 or later Open a Service Request for an Operating Environment Upgrade and Quote DSA-2025-154

 

Product Affected Versions Remediated Versions Link
ECS Versions prior to 3.8.1.5 Version 3.8.1.5 or later Open a Service Request for an Operating Environment Upgrade and Quote DSA-2025-154
ObjectScale Version 4.0.0.0 Version 4.0.0.0 or later Open a Service Request for an Operating Environment Upgrade and Quote DSA-2025-154

 

Notes:

  1. Dell recommends all customers have their ObjectScale/ ECS systems upgraded at the earliest opportunity by opening an “Operating Environment Upgrade” Service Request.
  2. Please visit the Security Update Release Schedule for Supported Versions of ObjectScale (formerly ECS) for more information regarding upcoming security releases.
  3. A fresh installation refers to the process of deploying Dell ECS or ObjectScale on a system where all previous configurations, data, and components have been completely removed. This term applies to both:
    1. New Installations: Installing ECS/ObjectScale on a clean, unused system.
    2. Re-installations: Re-deploying ECS/ObjectScale after wiping out an existing environment to return it to a clean state.

Workarounds & Mitigations

CVE ID Workaround and Mitigation
CVE-2025-26476 Customers are required to upgrade to a remediated version first, then perform the ‘Rotate SSH Keys’ procedure to complete remediation as documented in KB 000339248: Dell ECS and Dell ObjectScale: Use of Hard Coded SSH Cryptographic Key Vulnerability Remediation.

 

Revision History

RevisionDateDescription
1.02025-07-28Initial Release
2.02025-07-30Expanded product tagging and updated display text for KB 000339248

 

Related Information

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

Legal Disclaimer

Affected Products

ECS, ObjectScale, ECS Appliance, ECS Appliance Hardware Series, ECS Appliance Software with Encryption, ECS Appliance Software without Encryption, ObjectScale Appliance Software with Encryption, ObjectScale Appliance Software without Encryption , ObjectScale Appliance Series, ObjectScale Software Series ...
Article Properties
Article Number: 000339134
Article Type: Dell Security Advisory
Last Modified: 30 Jul 2025
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.