CVE-2025-30477

4.4 MEDIUM

📋 TL;DR

Dell PowerScale OneFS versions before 9.11.0.0 use broken or risky cryptographic algorithms, allowing high-privileged remote attackers to potentially decrypt sensitive information. This affects organizations running vulnerable versions of Dell's scale-out NAS storage solution.

💻 Affected Systems

Products:
  • Dell PowerScale OneFS
Versions: All versions prior to 9.11.0.0
Operating Systems: OneFS (PowerScale's proprietary OS)
Default Config Vulnerable: ⚠️ Yes
Notes: Affects all configurations of vulnerable versions. Requires high-privileged attacker access.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

High-privileged attacker decrypts sensitive stored data including credentials, configuration files, or encrypted communications.

🟠 Likely Case

Information disclosure of less critical encrypted data due to the need for high privileges and specific targeting.

🟢 If Mitigated

Minimal impact with proper network segmentation and privileged access controls limiting attack surface.

🌐 Internet-Facing: MEDIUM - While remote access is required, the need for high privileges reduces immediate risk for internet-facing systems.
🏢 Internal Only: MEDIUM - Internal attackers with administrative access could exploit this to access sensitive information.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires high-privileged attacker with remote access. Specific cryptographic algorithm weaknesses not detailed in public advisory.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 9.11.0.0 or later

Vendor Advisory: https://www.dell.com/support/kbdoc/en-us/000317419/dsa-2025-192-security-update-for-dell-powerscale-onefs-for-multiple-security-vulnerabilities

Restart Required: Yes

Instructions:

1. Review Dell advisory DSA-2025-192.
2. Upgrade to OneFS version 9.11.0.0 or later.
3. Follow Dell's upgrade procedures for PowerScale clusters.
4. Reboot systems as required by the update.

🔧 Temporary Workarounds

Restrict administrative access (applies to: all)

Limit high-privileged remote access to PowerScale systems to only necessary personnel and systems.

Network segmentation (applies to: all)

Isolate PowerScale management interfaces from untrusted networks and implement strict firewall rules.

🧯 If You Can't Patch

  • Implement strict access controls limiting administrative access to PowerScale systems
  • Monitor for unusual administrative activity or cryptographic-related errors in logs

🔍 How to Verify

Check if Vulnerable:

Check the OneFS version via the CLI (`isi version`) or the web UI. If the version is below 9.11.0.0, the system is vulnerable.

Check Version:

isi version

Verify Fix Applied:

After the upgrade, verify that the version reported by `isi version` is 9.11.0.0 or higher.
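The version check above is easy to get wrong when scripted across many clusters, because a plain string comparison orders "9.9.0.0" after "9.11.0.0". The following is an added example (not Dell's code and not from the advisory) that parses the version out of `isi version` output and compares it numerically against the 9.11.0.0 fix version. The exact output format of `isi version` is an assumption here, so the parser only relies on finding the first dotted version number in the text; the sample outputs are constructed.

```python
"""Version check for CVE-2025-30477 (Dell PowerScale OneFS, fixed in 9.11.0.0).

Added example, not Dell's code. The sample `isi version` outputs below are
constructed and their shape is an assumption; the parser only relies on
finding a dotted version number somewhere in the command output.
"""
import re
import subprocess
from typing import Dict, Tuple

FIXED_VERSION: Tuple[int, ...] = (9, 11, 0, 0)  # fix version from the advisory

# Constructed sample outputs (assumed shape; adjust to what your cluster prints).
SAMPLE_OUTPUTS: Dict[str, str] = {
    "vulnerable": "Isilon OneFS v9.10.1.0 B_9_10_1_0(RELEASE)",
    "fixed": "Isilon OneFS v9.11.0.0 B_9_11_0_0(RELEASE)",
    "older-lexical-trap": "Isilon OneFS v9.9.0.0 B_9_9_0_0(RELEASE)",
}

# First dotted number with 2 to 4 components, e.g. "9.10.1.0" or "9.11".
_VERSION_RE = re.compile(r"(\d+(?:\.\d+){1,3})")


def parse_onefs_version(output: str) -> Tuple[int, ...]:
    """Extract the first dotted version number and pad it to four components."""
    match = _VERSION_RE.search(output)
    if not match:
        raise ValueError(f"no version number found in: {output!r}")
    parts = tuple(int(p) for p in match.group(1).split("."))
    return parts + (0,) * (4 - len(parts))


def is_vulnerable(version: Tuple[int, ...], fixed: Tuple[int, ...] = FIXED_VERSION) -> bool:
    """Numeric tuple comparison: (9, 9, 0, 0) < (9, 11, 0, 0), whereas the
    strings "9.9.0.0" and "9.11.0.0" would compare the wrong way round."""
    return version < fixed


def assess(output: str) -> str:
    """Return a one-line verdict for a captured `isi version` output."""
    version = parse_onefs_version(output)
    label = ".".join(map(str, version))
    fixed_label = ".".join(map(str, FIXED_VERSION))
    if is_vulnerable(version):
        return f"{label}: VULNERABLE (below {fixed_label}), upgrade per DSA-2025-192"
    return f"{label}: at or above {fixed_label}, fix applied"


if __name__ == "__main__":
    # On a OneFS node run the real command; anywhere else fall back to the samples.
    try:
        real = subprocess.run(["isi", "version"], capture_output=True, text=True, check=True)
        print(assess(real.stdout))
    except (FileNotFoundError, subprocess.CalledProcessError):
        for name, text in SAMPLE_OUTPUTS.items():
            print(f"[{name}] {assess(text)}")
```

Run it on a node, or feed it the output you collected from each cluster's `isi version`; only the numeric comparison in `is_vulnerable` decides the verdict, so a "9.9.x" cluster is correctly reported as vulnerable.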

📡 Detection & Monitoring

Log Indicators:

  • Unusual administrative login patterns
  • Cryptographic operation failures or warnings

Network Indicators:

  • Unexpected connections to PowerScale management ports (typically 8080, 9090)

SIEM Query:

source="powerscale" AND (event_type="admin_login" OR event_type="crypto_error")

🔗 References
