CVE-2025-32753

5.3 MEDIUM

📋 TL;DR

This CVE describes an SQL injection vulnerability in Dell PowerScale OneFS storage systems. A low-privileged attacker with local access could execute arbitrary SQL commands, potentially leading to denial of service, data exposure, or data manipulation. Organizations running affected OneFS versions 9.5.0.0 through 9.10.0.1 are impacted.

💻 Affected Systems

Products:
  • Dell PowerScale OneFS
Versions: 9.5.0.0 through 9.10.0.1
Operating Systems: OneFS (Dell's proprietary storage OS)
Default Config Vulnerable: ⚠️ Yes
Notes: All configurations within the affected version range are vulnerable. Exploitation requires local access to the OneFS system.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attacker gains full control over the SQL database, leading to complete system compromise, data destruction, or persistent backdoor installation.

🟠 Likely Case

Local attacker with low privileges escalates access, extracts sensitive configuration data, or causes service disruption.

🟢 If Mitigated

With proper network segmentation and access controls, impact is limited to the isolated storage system, with no lateral movement.

🌐 Internet-Facing: LOW - Requires local access to exploit, not remotely exploitable.
🏢 Internal Only: MEDIUM - Local attackers or compromised internal accounts could exploit this vulnerability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access and low-privileged credentials. SQL injection exploitation typically requires some technical skill.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Versions after 9.10.0.1 (check Dell advisory for specific patched versions)

Vendor Advisory: https://www.dell.com/support/kbdoc/en-us/000326339/dsa-2025-208-security-update-for-dell-powerscale-onefs-for-multiple-security-vulnerabilities

Restart Required: Yes

Instructions:

1. Review Dell advisory DSA-2025-208.
2. Download the appropriate OneFS update from Dell support.
3. Apply the update following Dell's OneFS upgrade procedures.
4. Reboot the system as required.

🔧 Temporary Workarounds

Restrict Local Access (applies to: all)

Limit local console and SSH access to only authorized administrators.

# Configure strict access controls in OneFS
# Use role-based access control (RBAC)

Network Segmentation (applies to: all)

Isolate PowerScale management interfaces from general network access.

# Configure firewall rules to restrict access to OneFS management interfaces
# Use VLANs to separate storage management traffic

🧯 If You Can't Patch

  • Implement strict access controls to limit who can access OneFS management interfaces
  • Monitor for unusual SQL queries or database activity on affected systems

🔍 How to Verify

Check if Vulnerable:

Check the OneFS version via the CLI ('isi version') or the web UI. If the version is between 9.5.0.0 and 9.10.0.1 inclusive, the system is vulnerable.

Check Version:

isi version

Verify Fix Applied:

After patching, confirm with 'isi version' that the running version is above 9.10.0.1.
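The version check above is easy to get wrong by hand: a plain string comparison sorts "9.10.0.1" before "9.5.0.0", so a script that compares versions component-by-component as integers is safer. The following is an added example, not part of this page or of Dell's tooling. It assumes that 'isi version' prints a four-part dotted version somewhere in its output (the sample output lines below are constructed for illustration, not captured from a real system) and uses the inclusive range 9.5.0.0 through 9.10.0.1 stated above.

```python
import re
import shutil
import subprocess
from typing import Optional, Tuple

Version = Tuple[int, int, int, int]

# Affected range from the advisory summary on this page; both ends inclusive.
AFFECTED_MIN: Version = (9, 5, 0, 0)
AFFECTED_MAX: Version = (9, 10, 0, 1)

# First four-part dotted version in the text, not glued to other digits.
VERSION_RE = re.compile(r"(?<!\d)(\d+)\.(\d+)\.(\d+)\.(\d+)(?!\d)")


def parse_onefs_version(text: str) -> Optional[Version]:
    """Extract the first four-part version (e.g. 9.10.0.1) from 'isi version' output.

    Returns an integer tuple so that comparisons are numeric per component;
    returns None when no such version string is present.
    """
    m = VERSION_RE.search(text)
    if m is None:
        return None
    return tuple(int(part) for part in m.groups())  # type: ignore[return-value]


def is_affected(version: Version) -> bool:
    """True when the version falls inside the inclusive affected range."""
    return AFFECTED_MIN <= version <= AFFECTED_MAX


def assess(version_text: str) -> str:
    """Classify raw 'isi version' output against the affected range."""
    version = parse_onefs_version(version_text)
    if version is None:
        return "unknown"
    if is_affected(version):
        return "vulnerable"
    if version > AFFECTED_MAX:
        return "above affected range"
    # Below 9.5.0.0: this page makes no statement about these versions.
    return "below affected range"


def read_isi_version() -> Optional[str]:
    """Run 'isi version' when the CLI is present; None elsewhere (e.g. on a workstation)."""
    if shutil.which("isi") is None:
        return None
    result = subprocess.run(["isi", "version"], capture_output=True, text=True, check=False)
    return result.stdout


if __name__ == "__main__":
    # Constructed sample lines (assumed shape of 'isi version' output) for offline use.
    samples = [
        "Isilon OneFS v9.10.0.1 (constructed sample)",
        "Isilon OneFS v9.5.0.0 (constructed sample)",
        "Isilon OneFS v9.10.0.2 (constructed sample)",
    ]
    live = read_isi_version()
    for text in ([live] if live else samples):
        print(f"{text.strip()!r}: {assess(text)}")
```

Run it on the cluster to test the live output, or anywhere else to see the constructed samples classified; the only decision the page supports is "inside the inclusive 9.5.0.0 to 9.10.0.1 range or not", so anything below 9.5.0.0 is reported separately rather than called safe.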

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL queries in OneFS audit logs
  • Multiple failed authentication attempts followed by SQL activity
  • Unexpected database schema changes

Network Indicators:

  • Unusual traffic patterns to OneFS management interfaces
  • SQL protocol anomalies

SIEM Query:

source="OneFS" AND (sql_query="*DROP*" OR sql_query="*UNION*" OR sql_query="*SELECT*FROM system_tables*")
