DSA-2025-347: Security Update for Dell PowerScale OneFS Multiple Vulnerabilities
Summary: Dell PowerScale OneFS remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.
Impact
Medium
Details
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| CVE-2025-43937 | Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an insertion of sensitive information into log file vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account. | 6.6 | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H |
| CVE-2025-43935 | Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an improper resource shutdown or release vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to denial of service. | 4.4 | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
| CVE-2025-43724 | Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an authorization bypass through user-controlled key vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability to gain unauthorized access to NFSv4 or SMB shares. | 4.2 | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L |
| CVE-2025-43883 | Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an improper check for unusual or exceptional conditions vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to denial of service. | 4.1 | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H |
Affected Products and Remediation
| Product | Affected Versions | Remediated Versions | Link |
| PowerScale OneFS | Versions 9.5.0.0 through 9.10.1.2 | Versions 9.10.1.3 or later | PowerScale OneFS Downloads Area |
| PowerScale OneFS | Versions prior to 9.12.0.0 | Versions 9.12.0.0 or later | PowerScale OneFS Downloads Area |
| PowerScale OneFS | Versions 9.7.0.0 through 9.7.1.9 | Versions 9.7.1.10 or later | PowerScale OneFS Downloads Area |
| PowerScale OneFS | Versions 9.5.0.0 through 9.5.1.4 | Versions 9.5.1.5 or later | PowerScale OneFS Downloads Area |
Notes:
- We encourage all customers to adopt the Long-Term Support (LTS) 2025 version, which is the 9.10.1.x code line, with the latest maintenance release.
- For more information on LTS code lines, see Dell Infrastructure Solutions Group (ISG) LTS Release Support Customer Summary and Security Update Release Schedule for Supported Versions of Dell PowerScale OneFS.
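For inventory triage, the version ranges in the table above can be checked numerically; comparing the raw strings would sort 9.7.1.10 before 9.7.1.9 and 9.10.x before 9.5.x. This is an added example, not Dell tooling: the function names and sample versions are constructed for illustration, and because the rows overlap it reports every row whose stated range contains the version rather than a per-CVE verdict.

```python
import re

# Rows of the advisory's affected-products table, in page order:
# (lowest affected version or None for "prior to", upper bound,
#  whether the upper bound itself is affected, remediated version)
ROWS = [
    ("9.5.0.0", "9.10.1.2", True, "9.10.1.3"),
    (None, "9.12.0.0", False, "9.12.0.0"),
    ("9.7.0.0", "9.7.1.9", True, "9.7.1.10"),
    ("9.5.0.0", "9.5.1.4", True, "9.5.1.5"),
]

def parse(version):
    """Turn 'a.b.c.d' into a tuple of ints so 9.10 sorts after 9.7."""
    if not re.fullmatch(r"\d+(?:\.\d+){3}", version):
        raise ValueError(f"expected a four-part version, got {version!r}")
    return tuple(int(part) for part in version.split("."))

def matching_rows(version):
    """Remediated versions of every table row whose range contains `version`."""
    v = parse(version)
    hits = []
    for low, high, high_affected, fixed in ROWS:
        if low is not None and v < parse(low):
            continue
        top = parse(high)
        if v > top or (v == top and not high_affected):
            continue
        hits.append(fixed)
    return hits

def string_compare_disagrees(a, b):
    """True when raw string ordering of a and b differs from numeric ordering."""
    return (a < b) != (parse(a) < parse(b))

if __name__ == "__main__":
    # Constructed sample inputs, not taken from the advisory.
    for sample in ("9.4.0.17", "9.5.1.4", "9.7.1.9", "9.10.1.3", "9.12.0.0"):
        print(sample, "->", matching_rows(sample) or "no row matches")
```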
Revision History
| Revision | Date | Description |
| 1.0 | 2025-10-01 | Initial Release |
| 1.0 | 2025-10-08 | Minor formatting adjustments |
Affected Products
PowerScale OneFS
Article Properties
Article Number: 000376214
Article Type: Dell Security Advisory
Last Modified: 08 Oct 2025