Vulnerability-Lookup

WID-SEC-W-2025-0725

Vulnerability from csaf_certbund - Published: 2025-04-07 22:00 - Updated: 2025-04-07 22:00

Summary

Dell PowerScale OneFS: Mehrere Schwachstellen

Severity

Hoch

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: PowerScale ist eine NAS-Plattform, die für die Verwaltung großer Datenmengen in unternehmenskritischen Umgebungen optimiert ist.

Angriff: Ein Angreifer kann mehrere Schwachstellen in Dell PowerScale ausnutzen, um einen Denial-of-Service-Zustand herbeizuführen, Daten zu manipulieren, vertrauliche Informationen preiszugeben und erhöhte Berechtigungen zu erlangen.

Betroffene Betriebssysteme: - Sonstiges

CVE-2025-22471

CVE-2025-23378

CVE-2025-26330

CVE-2025-26479

CVE-2025-26480

CVE-2025-27690

References

URL

Category

	https://wid.cert-bund.de/.well-known/csaf/white/2…	self
	https://wid.cert-bund.de/portal/wid/securityadvis…	self
	https://www.dell.com/support/kbdoc/de-de/00030086…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "PowerScale ist eine NAS-Plattform, die f\u00fcr die Verwaltung gro\u00dfer Datenmengen in unternehmenskritischen Umgebungen optimiert ist.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein Angreifer kann mehrere Schwachstellen in Dell PowerScale ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren, Daten zu manipulieren, vertrauliche Informationen preiszugeben und erh\u00f6hte Berechtigungen zu erlangen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Sonstiges",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2025-0725 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0725.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2025-0725 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0725"
      },
      {
        "category": "external",
        "summary": "DELL Security Update vom 2025-04-07",
        "url": "https://www.dell.com/support/kbdoc/de-de/000300860/dsa-2025-119-security-update-for-dell-powerscale-onefs-for-multiple-security-vulnerabilities"
      }
    ],
    "source_lang": "en-US",
    "title": "Dell PowerScale OneFS: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2025-04-07T22:00:00.000+00:00",
      "generator": {
        "date": "2025-04-08T10:05:13.248+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.12"
        }
      },
      "id": "WID-SEC-W-2025-0725",
      "initial_release_date": "2025-04-07T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2025-04-07T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "OneFS \u003c9.10.1.1",
                "product": {
                  "name": "Dell PowerScale OneFS \u003c9.10.1.1",
                  "product_id": "T042460"
                }
              },
              {
                "category": "product_version",
                "name": "OneFS 9.10.1.1",
                "product": {
                  "name": "Dell PowerScale OneFS 9.10.1.1",
                  "product_id": "T042460-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:dell:powerscale_onefs:onefs__9.10.1.1"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "OneFS \u003c9.4.0.21",
                "product": {
                  "name": "Dell PowerScale OneFS \u003c9.4.0.21",
                  "product_id": "T042461"
                }
              },
              {
                "category": "product_version",
                "name": "OneFS 9.4.0.21",
                "product": {
                  "name": "Dell PowerScale OneFS 9.4.0.21",
                  "product_id": "T042461-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:dell:powerscale_onefs:onefs__9.4.0.21"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "OneFS \u003c9.5.1.3",
                "product": {
                  "name": "Dell PowerScale OneFS \u003c9.5.1.3",
                  "product_id": "T042462"
                }
              },
              {
                "category": "product_version",
                "name": "OneFS 9.5.1.3",
                "product": {
                  "name": "Dell PowerScale OneFS 9.5.1.3",
                  "product_id": "T042462-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:dell:powerscale_onefs:onefs__9.5.1.3"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "OneFS \u003c9.7.1.5",
                "product": {
                  "name": "Dell PowerScale OneFS \u003c9.7.1.5",
                  "product_id": "T042463"
                }
              },
              {
                "category": "product_version",
                "name": "OneFS 9.7.1.5",
                "product": {
                  "name": "Dell PowerScale OneFS 9.7.1.5",
                  "product_id": "T042463-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:dell:powerscale_onefs:onefs__9.7.1.5"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "OneFS \u003c9.8.0.3",
                "product": {
                  "name": "Dell PowerScale OneFS \u003c9.8.0.3",
                  "product_id": "T042464"
                }
              },
              {
                "category": "product_version",
                "name": "OneFS 9.8.0.3",
                "product": {
                  "name": "Dell PowerScale OneFS 9.8.0.3",
                  "product_id": "T042464-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:dell:powerscale_onefs:onefs__9.8.0.3"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "OneFS \u003c9.9.0.2",
                "product": {
                  "name": "Dell PowerScale OneFS \u003c9.9.0.2",
                  "product_id": "T042465"
                }
              },
              {
                "category": "product_version",
                "name": "OneFS 9.9.0.2",
                "product": {
                  "name": "Dell PowerScale OneFS 9.9.0.2",
                  "product_id": "T042465-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:dell:powerscale_onefs:onefs__9.9.0.2"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "OneFS \u003c9.7.1.7",
                "product": {
                  "name": "Dell PowerScale OneFS \u003c9.7.1.7",
                  "product_id": "T042466"
                }
              },
              {
                "category": "product_version",
                "name": "OneFS 9.7.1.7",
                "product": {
                  "name": "Dell PowerScale OneFS 9.7.1.7",
                  "product_id": "T042466-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:dell:powerscale_onefs:onefs__9.7.1.7"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "PowerScale"
          }
        ],
        "category": "vendor",
        "name": "Dell"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-22471",
      "product_status": {
        "known_affected": [
          "T042460",
          "T042461",
          "T042462",
          "T042463"
        ]
      },
      "release_date": "2025-04-07T22:00:00.000+00:00",
      "title": "CVE-2025-22471"
    },
    {
      "cve": "CVE-2025-23378",
      "product_status": {
        "known_affected": [
          "T042464",
          "T042465",
          "T042460",
          "T042461",
          "T042462",
          "T042463"
        ]
      },
      "release_date": "2025-04-07T22:00:00.000+00:00",
      "title": "CVE-2025-23378"
    },
    {
      "cve": "CVE-2025-26330",
      "product_status": {
        "known_affected": [
          "T042464",
          "T042465",
          "T042460",
          "T042461",
          "T042462",
          "T042463"
        ]
      },
      "release_date": "2025-04-07T22:00:00.000+00:00",
      "title": "CVE-2025-26330"
    },
    {
      "cve": "CVE-2025-26479",
      "product_status": {
        "known_affected": [
          "T042464",
          "T042465",
          "T042460",
          "T042461",
          "T042462",
          "T042463"
        ]
      },
      "release_date": "2025-04-07T22:00:00.000+00:00",
      "title": "CVE-2025-26479"
    },
    {
      "cve": "CVE-2025-26480",
      "product_status": {
        "known_affected": [
          "T042464",
          "T042465",
          "T042460",
          "T042462",
          "T042463"
        ]
      },
      "release_date": "2025-04-07T22:00:00.000+00:00",
      "title": "CVE-2025-26480"
    },
    {
      "cve": "CVE-2025-27690",
      "product_status": {
        "known_affected": [
          "T042464",
          "T042465",
          "T042466",
          "T042460",
          "T042462",
          "T042463"
        ]
      },
      "release_date": "2025-04-07T22:00:00.000+00:00",
      "title": "CVE-2025-27690"
    }
  ]
}

CVE-2025-22471 (GCVE-0-2025-22471)

Vulnerability from cvelistv5 – Published: 2025-04-10 02:16 – Updated: 2025-04-10 14:27

Summary

Dell PowerScale OneFS, versions 9.4.0.0 through 9.10.0.1, contains an integer overflow or wraparound vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to denial of service.

Severity ?

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CWE

CWE-190 - Integer Overflow or Wraparound

Assigner

dell

References

URL

Tags

https://www.dell.com/support/kbdoc/en-us/00030086…

vendor-advisory

Impacted products

	Vendor	Product	Version
	Dell	PowerScale OneFS	Affected: 9.4.0.0 , ≤ 9.10.0.1 (semver) Affected: 9.4.0.0 , ≤ 9.4.0.20 (semver) Affected: 9.5.0.0 , ≤ 9.5.1.2 (semver) Affected: 9.7.0.0 , ≤ 9.7.1.4 (semver)

Date Public ?

2025-04-07 06:30

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-22471",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-10T14:24:27.159494Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-10T14:27:34.596Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "PowerScale OneFS",
          "vendor": "Dell",
          "versions": [
            {
              "lessThanOrEqual": "9.10.0.1",
              "status": "affected",
              "version": "9.4.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "9.4.0.20",
              "status": "affected",
              "version": "9.4.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "9.5.1.2",
              "status": "affected",
              "version": "9.5.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "9.7.1.4",
              "status": "affected",
              "version": "9.7.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2025-04-07T06:30:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Dell PowerScale OneFS, versions 9.4.0.0 through 9.10.0.1, contains an integer overflow or wraparound vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to denial of service.\u003cbr\u003e"
            }
          ],
          "value": "Dell PowerScale OneFS, versions 9.4.0.0 through 9.10.0.1, contains an integer overflow or wraparound vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to denial of service."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-190",
              "description": "CWE-190: Integer Overflow or Wraparound",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-04-10T02:16:44.715Z",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.dell.com/support/kbdoc/en-us/000300860/dsa-2025-119-security-update-for-dell-powerscale-onefs-for-multiple-security-vulnerabilities"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2025-22471",
    "datePublished": "2025-04-10T02:16:44.715Z",
    "dateReserved": "2025-01-07T06:04:12.134Z",
    "dateUpdated": "2025-04-10T14:27:34.596Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-23378 (GCVE-0-2025-23378)

Vulnerability from cvelistv5 – Published: 2025-04-10 02:26 – Updated: 2025-04-10 14:26

Summary

Dell PowerScale OneFS, versions 9.4.0.0 through 9.10.0.0, contains an exposure of information through directory listing vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to information disclosure.

Severity ?

3.3 (Low)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CWE

CWE-548 - Exposure of Information Through Directory Listing

Assigner

dell

References

URL

Tags

https://www.dell.com/support/kbdoc/en-us/00030086…

vendor-advisory

Impacted products

	Vendor	Product	Version
	Dell	PowerScale OneFS	Affected: 9.4.0.0 , ≤ 9.10.0.0 (semver) Affected: 9.5.0.0 , ≤ 9.5.1.2 (semver) Affected: 9.7.0.0 , ≤ 9.7.1.4 (semver)

Date Public ?

2025-04-07 06:30

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-23378",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-10T14:24:10.676153Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-10T14:26:59.708Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "PowerScale OneFS",
          "vendor": "Dell",
          "versions": [
            {
              "lessThanOrEqual": "9.10.0.0",
              "status": "affected",
              "version": "9.4.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "9.5.1.2",
              "status": "affected",
              "version": "9.5.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "9.7.1.4",
              "status": "affected",
              "version": "9.7.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2025-04-07T06:30:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Dell PowerScale OneFS, versions 9.4.0.0 through 9.10.0.0, contains an exposure of information through directory listing vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to information disclosure.\u003cbr\u003e"
            }
          ],
          "value": "Dell PowerScale OneFS, versions 9.4.0.0 through 9.10.0.0, contains an exposure of information through directory listing vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to information disclosure."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-548",
              "description": "CWE-548: Exposure of Information Through Directory Listing",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-04-10T02:26:43.448Z",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.dell.com/support/kbdoc/en-us/000300860/dsa-2025-119-security-update-for-dell-powerscale-onefs-for-multiple-security-vulnerabilities"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2025-23378",
    "datePublished": "2025-04-10T02:26:43.448Z",
    "dateReserved": "2025-01-15T06:04:03.641Z",
    "dateUpdated": "2025-04-10T14:26:59.708Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-27690 (GCVE-0-2025-27690)

Vulnerability from cvelistv5 – Published: 2025-04-10 02:04 – Updated: 2026-02-26 18:28

Summary

Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.1.0, contains a use of default password vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to the takeover of a high privileged user account.

Severity ?

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-1393 - Use of Default Password

Assigner

dell

References

URL

Tags

https://www.dell.com/support/kbdoc/en-us/00030086…

vendor-advisory

Impacted products

	Vendor	Product	Version
	Dell	PowerScale OneFS	Affected: 9.5.0.0 , ≤ 9.5.1.2 (semver) Affected: 9.6.0.0 , ≤ 9.7.1.6 (semver) Affected: 9.8.0.0 , ≤ 9.8.0.2 (semver) Affected: 9.9.0.0 , ≤ 9.9.0.1 (semver) Affected: 9.10.0.0 , ≤ 9.10.1.0 (semver)

Date Public ?

2025-04-07 06:30

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-27690",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-11T03:55:25.684034Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-26T18:28:28.144Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "PowerScale OneFS",
          "vendor": "Dell",
          "versions": [
            {
              "lessThanOrEqual": "9.5.1.2",
              "status": "affected",
              "version": "9.5.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "9.7.1.6",
              "status": "affected",
              "version": "9.6.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "9.8.0.2",
              "status": "affected",
              "version": "9.8.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "9.9.0.1",
              "status": "affected",
              "version": "9.9.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "9.10.1.0",
              "status": "affected",
              "version": "9.10.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2025-04-07T06:30:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.1.0, contains a use of default password vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to the takeover of a high privileged user account.\u003cbr\u003e"
            }
          ],
          "value": "Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.1.0, contains a use of default password vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to the takeover of a high privileged user account."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1393",
              "description": "CWE-1393: Use of Default Password",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-04-10T02:04:43.949Z",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.dell.com/support/kbdoc/en-us/000300860/dsa-2025-119-security-update-for-dell-powerscale-onefs-for-multiple-security-vulnerabilities"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eThese independent workarounds can be in place until an upgrade to a fixed release, or patch can be applied.\u003c/p\u003e\u003cp\u003eNote: Authentication Provider hash types can be viewed with \u003cspan style=\"background-color: rgb(236, 240, 241);\"\u003eisi auth file view System\u003c/span\u003e\u0026nbsp;in the \"Password Hash Type\" entry.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eWorkaround 1:\u003c/strong\u003e\u003c/p\u003e\u003cp\u003eAdd the impacted users to the \"Users who cannot be modified\" list. For clusters that have not switched to SHA256 or SHA512 hash types:\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: rgb(236, 240, 241);\"\u003e\u003ccode\u003eisi auth file modify System --add-unmodifiable-users=compadmin,remotesupport,ese,insightiq,www,nobody,git_daemon,isdmgmt --remove-modifiable-users=compadmin,remotesupport,ese,insightiq,www,nobody,git_daemon,isdmgmt --restrict-modifiable=true\u003c/code\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003eFor clusters that have switched to SHA256 or SHA512 hash types: Add above users, but also include other file provider users with system privileges:\u003c/p\u003e\u003cp\u003e\u003ccode\u003e\u003cspan style=\"background-color: rgb(236, 240, 241);\"\u003eisi auth file modify System --add-unmodifiable-users=root,admin --remove-modifiable-users=root,admin --restrict-modifiable=true\u003c/span\u003e\u003c/code\u003e\u003c/p\u003e\u003cp\u003eOnce the patch is applied, if you use the users, you can make them modifiable again.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eWorkaround 2:\u003c/strong\u003e\u003c/p\u003e\u003cp\u003eFor clusters that have not switched to SHA256 or SHA512 hash types. Set/reset password for users that are not blocked for modification in the System zone file provider, as well as disabling them. \u003c/p\u003e\u003cul\u003e\u003cli\u003ecompadmin, remotesupport, ese, insightiq, www, nobody, git_daemon, isdmgmt\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eWorkaround 3:\u003c/strong\u003e\u003c/p\u003e\u003cp\u003eDisable the WebUI and API via CLI\u003c/p\u003e\u003cp\u003e\u003ccode\u003e\u003cspan style=\"background-color: rgb(236, 240, 241);\"\u003eisi http services modify Platform-API-External --enabled=false\u003c/span\u003e\u003c/code\u003e\u003c/p\u003e\u003cp\u003eThis does not completely mitigate the issue as it could still be abused by users with ISI_PRIV_LOGIN_CONSOLE or ISI_PRIV_LOGIN_SSH.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eWorkaround 4:\u003c/strong\u003e\u003c/p\u003e\u003cp\u003eLimit access to API \u0026amp; WebUI to trusted networks via firewall rule\u003c/p\u003e\u003cul\u003e\u003cli\u003eEnable the firewall\u003c/li\u003e\u003cli\u003eIn \"default_pools_policy\" modify \"rule_isi_webui\" to restrict \"source network\" to a trusted set of networks/IPs\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eThis does not completely mitigate the issue as it could still be abused by users with ISI_PRIV_LOGIN_CONSOLE or ISI_PRIV_LOGIN_SSH, as well as users on the IPs allowed through the firewall.\u003c/p\u003e"
            }
          ],
          "value": "These independent workarounds can be in place until an upgrade to a fixed release, or patch can be applied.\n\nNote: Authentication Provider hash types can be viewed with isi auth file view System\u00a0in the \"Password Hash Type\" entry.\n\nWorkaround 1:\n\nAdd the impacted users to the \"Users who cannot be modified\" list. For clusters that have not switched to SHA256 or SHA512 hash types:\n\nisi auth file modify System --add-unmodifiable-users=compadmin,remotesupport,ese,insightiq,www,nobody,git_daemon,isdmgmt --remove-modifiable-users=compadmin,remotesupport,ese,insightiq,www,nobody,git_daemon,isdmgmt --restrict-modifiable=true\n\nFor clusters that have switched to SHA256 or SHA512 hash types: Add above users, but also include other file provider users with system privileges:\n\nisi auth file modify System --add-unmodifiable-users=root,admin --remove-modifiable-users=root,admin --restrict-modifiable=true\n\nOnce the patch is applied, if you use the users, you can make them modifiable again.\n\nWorkaround 2:\n\nFor clusters that have not switched to SHA256 or SHA512 hash types. Set/reset password for users that are not blocked for modification in the System zone file provider, as well as disabling them. \n\n  *  compadmin, remotesupport, ese, insightiq, www, nobody, git_daemon, isdmgmt\n\n\nWorkaround 3:\n\nDisable the WebUI and API via CLI\n\nisi http services modify Platform-API-External --enabled=false\n\nThis does not completely mitigate the issue as it could still be abused by users with ISI_PRIV_LOGIN_CONSOLE or ISI_PRIV_LOGIN_SSH.\n\nWorkaround 4:\n\nLimit access to API \u0026 WebUI to trusted networks via firewall rule\n\n  *  Enable the firewall\n  *  In \"default_pools_policy\" modify \"rule_isi_webui\" to restrict \"source network\" to a trusted set of networks/IPs\n\n\nThis does not completely mitigate the issue as it could still be abused by users with ISI_PRIV_LOGIN_CONSOLE or ISI_PRIV_LOGIN_SSH, as well as users on the IPs allowed through the firewall."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2025-27690",
    "datePublished": "2025-04-10T02:04:43.949Z",
    "dateReserved": "2025-03-05T07:33:28.315Z",
    "dateUpdated": "2026-02-26T18:28:28.144Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-26330 (GCVE-0-2025-26330)

Vulnerability from cvelistv5 – Published: 2025-04-10 02:10 – Updated: 2026-02-26 18:28

Summary

Dell PowerScale OneFS, versions 9.4.0.0 through 9.10.0.1, contains an incorrect authorization vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability to access the cluster with previous privileges of a disabled user account.

Severity ?

7 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE

CWE-863 - Incorrect Authorization

Assigner

dell

References

URL

Tags

https://www.dell.com/support/kbdoc/en-us/00030086…

vendor-advisory

Impacted products

	Vendor	Product	Version
	Dell	PowerScale OneFS	Affected: 9.4.0.0 , ≤ 9.10.0.1 (semver) Affected: 9.7.0.0 , ≤ 9.7.1.4 (semver)

Date Public ?

2025-04-07 06:30

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-26330",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-11T03:55:27.314831Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-26T18:28:27.723Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "PowerScale OneFS",
          "vendor": "Dell",
          "versions": [
            {
              "lessThanOrEqual": "9.10.0.1",
              "status": "affected",
              "version": "9.4.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "9.7.1.4",
              "status": "affected",
              "version": "9.7.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2025-04-07T06:30:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Dell PowerScale OneFS, versions 9.4.0.0 through 9.10.0.1, contains an incorrect authorization vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability to access the cluster with previous privileges of a disabled user account.\u003cbr\u003e"
            }
          ],
          "value": "Dell PowerScale OneFS, versions 9.4.0.0 through 9.10.0.1, contains an incorrect authorization vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability to access the cluster with previous privileges of a disabled user account."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-863",
              "description": "CWE-863: Incorrect Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-04-10T02:10:11.578Z",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.dell.com/support/kbdoc/en-us/000300860/dsa-2025-119-security-update-for-dell-powerscale-onefs-for-multiple-security-vulnerabilities"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2025-26330",
    "datePublished": "2025-04-10T02:10:11.578Z",
    "dateReserved": "2025-02-07T06:04:04.738Z",
    "dateUpdated": "2026-02-26T18:28:27.723Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-26480 (GCVE-0-2025-26480)

Vulnerability from cvelistv5 – Published: 2025-04-10 02:22 – Updated: 2025-04-10 14:27

Summary

Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.0.0, contains an uncontrolled resource consumption vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to denial of service.

Severity ?

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE

CWE-770 - Allocation of Resources Without Limits or Throttling

Assigner

dell

References

URL

Tags

https://www.dell.com/support/kbdoc/en-us/00030086…

vendor-advisory

Impacted products

	Vendor	Product	Version
	Dell	PowerScale OneFS	Affected: 9.5.0.0 , ≤ 9.10.0.0 (semver) Affected: 9.5.0.0 , ≤ 9.5.1.2 (semver) Affected: 9.7.0.0 , ≤ 9.7.1.4 (semver)

Date Public ?

2025-04-07 06:30

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-26480",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-10T14:24:18.388307Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-10T14:27:18.677Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "PowerScale OneFS",
          "vendor": "Dell",
          "versions": [
            {
              "lessThanOrEqual": "9.10.0.0",
              "status": "affected",
              "version": "9.5.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "9.5.1.2",
              "status": "affected",
              "version": "9.5.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "9.7.1.4",
              "status": "affected",
              "version": "9.7.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2025-04-07T06:30:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.0.0, contains an uncontrolled resource consumption vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to denial of service.\u003cbr\u003e"
            }
          ],
          "value": "Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.0.0, contains an uncontrolled resource consumption vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to denial of service."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-770",
              "description": "CWE-770: Allocation of Resources Without Limits or Throttling",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-04-10T02:22:08.401Z",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.dell.com/support/kbdoc/en-us/000300860/dsa-2025-119-security-update-for-dell-powerscale-onefs-for-multiple-security-vulnerabilities"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2025-26480",
    "datePublished": "2025-04-10T02:22:08.401Z",
    "dateReserved": "2025-02-11T06:06:12.147Z",
    "dateUpdated": "2025-04-10T14:27:18.677Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-26479 (GCVE-0-2025-26479)

Vulnerability from cvelistv5 – Published: 2025-04-10 02:32 – Updated: 2025-04-10 14:25

Summary

Dell PowerScale OneFS, versions 9.4.0.0 through 9.10.0.0, contains an out-of-bounds write vulnerability. An attacker could potentially exploit this vulnerability in NFS workflows, leading to data integrity issues.

Severity ?

3.1 (Low)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N

CWE

CWE-787 - Out-of-bounds Write

Assigner

dell

References

URL

Tags

https://www.dell.com/support/kbdoc/en-us/00030086…

vendor-advisory

Impacted products

	Vendor	Product	Version
	Dell	PowerScale OneFS	Affected: 9.4.0.0 , ≤ 9.10.0.1 (semver) Affected: 9.5.0.0 , ≤ 9.5.1.2 (semver) Affected: 9.7.0.0 , ≤ 9.7.1.4 (semver)

Date Public ?

2025-04-07 06:30

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-26479",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-10T14:24:04.798097Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-10T14:25:19.915Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "PowerScale OneFS",
          "vendor": "Dell",
          "versions": [
            {
              "lessThanOrEqual": "9.10.0.1",
              "status": "affected",
              "version": "9.4.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "9.5.1.2",
              "status": "affected",
              "version": "9.5.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "9.7.1.4",
              "status": "affected",
              "version": "9.7.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2025-04-07T06:30:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Dell PowerScale OneFS, versions 9.4.0.0 through 9.10.0.0, contains an out-of-bounds write vulnerability. An attacker could potentially exploit this vulnerability in NFS workflows, leading to data integrity issues.\u003cbr\u003e"
            }
          ],
          "value": "Dell PowerScale OneFS, versions 9.4.0.0 through 9.10.0.0, contains an out-of-bounds write vulnerability. An attacker could potentially exploit this vulnerability in NFS workflows, leading to data integrity issues."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.1,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-787",
              "description": "CWE-787: Out-of-bounds Write",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-04-10T02:32:40.194Z",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.dell.com/support/kbdoc/en-us/000300860/dsa-2025-119-security-update-for-dell-powerscale-onefs-for-multiple-security-vulnerabilities"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2025-26479",
    "datePublished": "2025-04-10T02:32:40.194Z",
    "dateReserved": "2025-02-11T06:06:12.147Z",
    "dateUpdated": "2025-04-10T14:25:19.915Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

WID-SEC-W-2025-0725

CVE-2025-22471 (GCVE-0-2025-22471)

CVE-2025-23378 (GCVE-0-2025-23378)

CVE-2025-27690 (GCVE-0-2025-27690)

CVE-2025-26330 (GCVE-0-2025-26330)

CVE-2025-26480 (GCVE-0-2025-26480)

CVE-2025-26479 (GCVE-0-2025-26479)

Tags

Sightings

Nomenclature