DSA-2025-208: Security Update for Dell PowerScale OneFS Multiple Vulnerabilities

Resumo: Dell PowerScale OneFS remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.

Este artigo aplica-se a Este artigo não se aplica a Este artigo não está vinculado a nenhum produto específico. Nem todas as versões do produto estão identificadas neste artigo.
Confira outros recursos

Impacto

Critical

Dados

Third-party Component CVEs More Information
Certifi CVE-2024-39689 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
FreeBSD CVE-2024-53580 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
Python CVE-2024-6923 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
Python-future CVE-2022-40899 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
OpenSSL CVE-2024-2511 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
SQLite CVE-2023-7104 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

 

Proprietary Code CVEs Description CVSS Base Score CVSS Vector String
CVE-2024-53298 Dell PowerScale OneFS versions 9.5.0.0 through 9.5.1.2, versions 9.7.0.0 through 9.7.1.7 and versions 9.8.0.0 through 9.10.0.1, contains a missing authorization vulnerability in the NFS export. An unauthenticated attacker with remote access could potentially exploit this vulnerability leading to unauthorized filesystem access. The attacker may be able to read, modify, and delete arbitrary files. This vulnerability is considered critical as it can be leveraged to fully compromise the system. Dell recommends customers to upgrade at the earliest opportunity. 9.8

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HThis hyperlink is taking you to a website outside of Dell Technologies.
CVE-2025-32753 Dell PowerScale OneFS, versions 9.5.0.0 through 9.7.1.7 and versions 9.8.0.0 through 9.10.0.1, contains an improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to denial of service, information disclosure, and information tampering. 5.3

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:LThis hyperlink is taking you to a website outside of Dell Technologies.

 

Proprietary Code CVEs Description CVSS Base Score CVSS Vector String
CVE-2024-53298 Dell PowerScale OneFS versions 9.5.0.0 through 9.5.1.2, versions 9.7.0.0 through 9.7.1.7 and versions 9.8.0.0 through 9.10.0.1, contains a missing authorization vulnerability in the NFS export. An unauthenticated attacker with remote access could potentially exploit this vulnerability leading to unauthorized filesystem access. The attacker may be able to read, modify, and delete arbitrary files. This vulnerability is considered critical as it can be leveraged to fully compromise the system. Dell recommends customers to upgrade at the earliest opportunity. 9.8

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HThis hyperlink is taking you to a website outside of Dell Technologies.
CVE-2025-32753 Dell PowerScale OneFS, versions 9.5.0.0 through 9.7.1.7 and versions 9.8.0.0 through 9.10.0.1, contains an improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to denial of service, information disclosure, and information tampering. 5.3

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:LThis hyperlink is taking you to a website outside of Dell Technologies.

 

A Dell Technologies recomenda que todos os clientes levem em consideração a pontuação base CVSS e as pontuações temporais e ambientais pertinentes que possam afetar a gravidade potencial associada a uma vulnerabilidade de segurança específica.

Produtos afetados e soluções

CVEs Addressed Product Affected Versions Remediated Versions Link
CVE-2024-53298, CVE-2025-32753, CVE-2024-39689, CVE-2024-53580, CVE-2022-40899, CVE-2024-2511, CVE-2024-6923, CVE-2023-7104 PowerScale OneFS Versions 9.5.0.0 through 9.10.0.1 Version 9.10.1.0 or later PowerScale OneFS Downloads Area
CVE-2024-53298, CVE-2025-32753, CVE-2024-39689, CVE-2024-53580, CVE-2022-40899, CVE-2024-2511, CVE-2024-6923, CVE-2023-7104 PowerScale OneFS Versions 9.7.0.0 through 9.7.1.7 Version 9.7.1.8 or later PowerScale OneFS Downloads Area
CVE-2024-53298 PowerScale OneFS Versions 9.5.0.0 through 9.5.1.2 Version 9.5.1.3 or later PowerScale OneFS Downloads Area
CVE-2022-40899, CVE-2024-2511, CVE-2024-6923, CVE-2023-7104 PowerScale OneFS Versions 9.5.0.0 through 9.5.1.4 Version 9.5.1.4 or later PowerScale OneFS Downloads Area

 

CVEs Addressed Product Affected Versions Remediated Versions Link
CVE-2024-53298, CVE-2025-32753, CVE-2024-39689, CVE-2024-53580, CVE-2022-40899, CVE-2024-2511, CVE-2024-6923, CVE-2023-7104 PowerScale OneFS Versions 9.5.0.0 through 9.10.0.1 Version 9.10.1.0 or later PowerScale OneFS Downloads Area
CVE-2024-53298, CVE-2025-32753, CVE-2024-39689, CVE-2024-53580, CVE-2022-40899, CVE-2024-2511, CVE-2024-6923, CVE-2023-7104 PowerScale OneFS Versions 9.7.0.0 through 9.7.1.7 Version 9.7.1.8 or later PowerScale OneFS Downloads Area
CVE-2024-53298 PowerScale OneFS Versions 9.5.0.0 through 9.5.1.2 Version 9.5.1.3 or later PowerScale OneFS Downloads Area
CVE-2022-40899, CVE-2024-2511, CVE-2024-6923, CVE-2023-7104 PowerScale OneFS Versions 9.5.0.0 through 9.5.1.4 Version 9.5.1.4 or later PowerScale OneFS Downloads Area

 

Notes:

  1. The Affected Products and Remediation table above may not be a comprehensive list of all affected supported versions and may be updated as more information becomes available.
  2. We encourage all customers to adopt the Long-Term Support (LTS) 2025 version which is 9.10.x code line, with the latest maintenance.
  3. For more information on LTS code lines, see Dell Infrastructure Solutions Group (ISG) LTS Release Support Customer Summary and Security Update Release Schedule for Supported Versions of Dell PowerScale OneFS.

Soluções temporárias e atenuações

CVE ID Workaround and Mitigation

CVE-2024-53298

The vulnerability applies to all PowerScale OneFS product versions where NFSv3 or NFSv4 is enabled and an export is configured. 

 

Mitigation 

To mitigate the vulnerability without disrupting active client connections, run the following CLI command:

isi nfs export reload --zone=zone_name

This command reloads the NFS export configuration for the specified zone, reinstating proper authorization checks and mitigating the vulnerability.

Because it is a temporary fix, the vulnerability may reoccur after zone reactivation events like IP changes, interface updates, network pool changes, or node additions/removals. Run the command again after these events to keep the system protected.

 

Impact of Applying the Mitigation 

  • Existing client connections remain active and uninterrupted.
  • New mounts may experience a brief delay (less than 1 second) before succeeding.
  • Active operations are unaffected because NFS clients automatically retry during transient unavailability.

 

Note: Customers should upgrade to a remediated version as soon as possible to permanently fix CVE-2024-53298.


    

   
  

  
 


    
Histórico de revisão

    
RevisionDateDescription
1.02025-06-04Initial Release
2.02025-06-30Update to include 9.5.1.4 remediated version and CVE-2022-40899, CVE-2024-2511, CVE-2024-6923, CVE-2023-7104
3.02025-07-24Update to Workaround and Mitigation; no other changes
4.02025-08-25Updates to Workaround and Mitigation and Additional Information sections
5.02025-10-22Removed SupportAssist
6.02025-12-05Revised the Third-party components table
7.02025-12-22Update to Workaround and Mitigation; no other changes


 

    
Agradecimentos

    

 
 
  
Dell would like to thank zzcentury from Ubisectech Sirius Team for reporting CVE-2025-32753.

 


    
Informações relacionadas

    
Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide


        


        

        
Aviso de isenção legal

        

        
Produtos afetados

        PowerScale OneFS







                        

                            

    

        

            

                
                    
 Propriedades do artigo

                
            

            

                

                        
Número do artigo: 000326339

                

                
                

                        
Tipo de artigo: Dell Security Advisory

                

                

                        
Último modificado: 22 dez. 2025


                


            


        

    

    

        

            

                
                    
Encontre as respostas de outros usuários da Dell para suas perguntas.

                
            

            

                

                    
                



            


        

    

    

        

            

                
                    
Serviços de suporte

                
            

            

                

                    Verifique se o dispositivo está coberto pelos serviços de suporte.