CVE-2025-27690

9.8 CRITICAL

📋 TL;DR

Dell PowerScale OneFS versions 9.5.0.0 through 9.10.1.0 contain a default password vulnerability that allows unauthenticated remote attackers to take over high-privileged user accounts. This affects all systems running these versions without proper password configuration. The vulnerability enables complete system compromise through administrative account takeover.

💻 Affected Systems

Products:
  • Dell PowerScale OneFS
Versions: 9.5.0.0 through 9.10.1.0
Operating Systems: OneFS (PowerScale's proprietary OS)
Default Config Vulnerable: ⚠️ Yes
Notes: All systems running affected versions are vulnerable unless specific password hardening has been applied.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system takeover with administrative privileges, allowing data theft, ransomware deployment, or destruction of the storage system.

🟠 Likely Case

Unauthenticated attacker gains administrative access to the PowerScale cluster, enabling data exfiltration, configuration changes, or service disruption.

🟢 If Mitigated

If proper network segmentation and access controls are in place, impact may be limited to isolated network segments.

🌐 Internet-Facing: HIGH - Unauthenticated remote access means internet-facing systems are immediately vulnerable to exploitation.
🏢 Internal Only: HIGH - Even internally, unauthenticated access allows any network-connected attacker to exploit this vulnerability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Default credential vulnerabilities typically have low exploitation complexity. The advisory indicates unauthenticated remote access is possible.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 9.10.1.1 and later

Vendor Advisory: https://www.dell.com/support/kbdoc/en-us/000300860/dsa-2025-119-security-update-for-dell-powerscale-onefs-for-multiple-security-vulnerabilities

Restart Required: Yes

Instructions:

1. Download the OneFS update from Dell Support.
2. Apply the update following Dell's upgrade procedures.
3. Reboot the PowerScale cluster as required.
4. Verify the update was successful.

🔧 Temporary Workarounds

Network Isolation (all platforms)

Restrict network access to PowerScale management interfaces to trusted networks only, and configure firewall rules to block external access to PowerScale management ports.

Password Change Enforcement (OneFS CLI)

Force password changes for all administrative accounts and ensure no default passwords remain. OneFS groups do not carry passwords, so only user accounts need to be reset:

isi auth users modify <username> --password <newpassword>

🧯 If You Can't Patch

  • Immediately isolate PowerScale systems from untrusted networks using firewall rules.
  • Change all administrative passwords and audit for any remaining default credentials.

🔍 How to Verify

Check if Vulnerable:

Check the OneFS version with isi version. If the version is between 9.5.0.0 and 9.10.1.0 inclusive, the system is vulnerable.

Check Version:

isi version

Verify Fix Applied:

Run isi version and verify that the version is 9.10.1.1 or higher.

📡 Detection & Monitoring

Log Indicators:

  • Failed authentication attempts followed by successful authentication from unexpected sources
  • Multiple login attempts to administrative accounts from new IP addresses

Network Indicators:

  • Unusual outbound connections from PowerScale systems
  • Unexpected administrative access patterns

SIEM Query:

source="powerscale" event_type="authentication" result="success" user="admin*" NOT src_ip IN (<trusted_ip_list>)
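As an added example (not from the advisory or from Dell), the following Python applies the two log indicators and the SIEM query above to constructed sample events. The line format, the trusted-IP set and the privileged account names are assumptions, not OneFS's actual log schema.

```python
import re
from collections import defaultdict

# Constructed, simplified auth events (NOT OneFS's real log format): ts user src result.
SAMPLE_LOG = """\
2025-04-01T10:00:01Z auth user=admin src=10.0.0.5 result=success
2025-04-01T10:05:12Z auth user=admin src=198.51.100.7 result=failure
2025-04-01T10:05:13Z auth user=admin src=198.51.100.7 result=failure
2025-04-01T10:05:15Z auth user=admin src=198.51.100.7 result=success
2025-04-01T10:07:00Z auth user=bob src=10.0.0.9 result=success
2025-04-01T10:09:00Z auth user=root src=203.0.113.4 result=success
"""
TRUSTED_IPS = {"10.0.0.5", "10.0.0.6"}  # assumption: management jump hosts
ADMIN_USERS = {"admin", "root"}         # assumption: privileged accounts to watch
LINE_RE = re.compile(r"^(?P<ts>\S+) auth user=(?P<user>\S+) src=(?P<src>\S+) result=(?P<result>\S+)$")


def parse_events(text):
    """Parse the constructed format into dicts; lines that do not match are skipped."""
    return [m.groupdict() for m in map(LINE_RE.match, text.splitlines()) if m]


def untrusted_admin_logins(events, trusted=TRUSTED_IPS):
    """Second indicator / SIEM query: privileged logins that succeed from a source
    outside the trusted set."""
    return [e for e in events
            if e["result"] == "success" and e["user"] in ADMIN_USERS
            and e["src"] not in trusted]


def failures_then_success(events, min_failures=1):
    """First indicator: a (user, source) pair that fails at least min_failures times
    and then succeeds, the trace a password-guessing takeover leaves behind."""
    streak = defaultdict(int)  # (user, src) -> consecutive failures seen so far
    hits = []
    for e in events:
        key = (e["user"], e["src"])
        if e["result"] == "failure":
            streak[key] += 1
        elif e["result"] == "success":
            if streak[key] >= min_failures:
                hits.append({"ts": e["ts"], "user": e["user"],
                             "src": e["src"], "failures": streak[key]})
            streak[key] = 0
    return hits


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    print(untrusted_admin_logins(evs), failures_then_success(evs), sep="\n")
```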
