CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2025-27690

CVSS 9.8v3.1pub. 2025-04-10upd. 2025-07-11

Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.1.0, contains a use of default password vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to the takeover of a high privileged user account.

🤖 AI Analysis
How it works

The vulnerability (CWE-1393) consists of the system leaving an active privileged account with a default, unchanged password. An attacker with network access can authenticate using this default password, thereby bypassing any access control mechanisms. The lack of user interaction requirement or special environmental conditions makes the attack simple to carry out on a large scale.

Impact

An attacker can completely take over a user account with high privileges, which in practice means full control over the Dell PowerScale OneFS environment — including access to stored data, the ability to modify or delete it, and destabilization of services.

Mitigation & patch

Apply patches available from the vendor according to references (DSA-2025-119). Additionally, it is recommended to immediately change default passwords on all privileged accounts and restrict network access to system management interfaces.

Who is affected

Dell PowerScale OneFS in versions 9.5.0.0 through 9.10.1.0 inclusive.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Dell Powerscale Onefs

    APP
    Dell
    9.5.0.0 – 9.10.1.0
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
Auth Bypass
CWE
References

Related vulnerabilities

CVE-2024-53298CRITICAL9.8PL ✓ten sam produkt

Brak autoryzacji w NFS export — Dell PowerScale OneFS (Auth Bypass)

CVE-2022-31229CRITICAL9.6ten sam produkt

Dell PowerScale OneFS, 8.2.x through 9.3.0.x, contain an error message with sensitive information. An administ...

CVE-2026-22278HIGH8.1ten sam produkt

Dell PowerScale OneFS versions prior to 9.13.0.0 contains an improper restriction of excessive authentication ...

CVE-2025-26481HIGH7.5ten sam produkt

Dell PowerScale OneFS, versions 9.4.0.0 through 9.9.0.0, contains an uncontrolled resource consumption vulnera...

CVE-2025-26330HIGH7.0ten sam produkt

Dell PowerScale OneFS, versions 9.4.0.0 through 9.10.0.1, contains an incorrect authorization vulnerability. A...