Powerscale Onefs
CVE-2025-27690
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.1.0, contains a use of default password vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to the takeover of a high privileged user account.
AnalysisAI
Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.1.0, contains a use of default password vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-1393. Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.1.0, contains a use of default password vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to the takeover of a high privileged user account. Affected products include: Dell Powerscale Onefs. Version information: through 9.10.1.0.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Powerscale Onefs
View allCVE-2024-53298 is a critical missing authorization vulnerability in Dell PowerScale OneFS NFS export functionality that
Powerscale Onefs versions up to 9.13.0.0 is affected by improper restriction of excessive authentication attempts (CVSS
Dell PowerScale OneFS, versions 9.4.0.0 through 9.10.0.1, contains an incorrect authorization vulnerability. Rated high
Powerscale Onefs versions up to 9.10.1.6 is affected by execution with unnecessary privileges (CVSS 6.7).
Powerscale Onefs versions up to 9.10.1.6 is affected by execution with unnecessary privileges (CVSS 6.7).
Powerscale Onefs versions up to 9.10.1.6 is affected by execution with unnecessary privileges (CVSS 6.7).
Dell PowerScale OneFS versions before 9.10.1.6 and 9.11.0.0 through 9.12.0.1 contain an uncontrolled search path vulnera
Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an improper privilege management vulnerability. Rated medium
Incorrect default file permissions in Dell PowerScale OneFS versions before 9.10.1.6 and 9.11.0.0 through 9.12.0.1 allow
Privilege escalation in Dell PowerScale OneFS versions before 9.10.1.6 and 9.11.0.0 through 9.12.0.1 stems from incorrec
Dell PowerScale OneFS, versions 9.4.0.0 through 9.10.0.1, contains an integer overflow or wraparound vulnerability. Rate
Dell PowerScale OneFS, versions 9.4.0.0 through 9.10.1.0, contains an out-of-bounds write vulnerability. Rated medium se
Same weakness CWE-1393 – Use of Default Password
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today