CVE-2025-36572

6.5 MEDIUM

📋 TL;DR

Dell PowerStore version 4.0.0.0 contains hard-coded credentials in its image file, allowing attackers with knowledge of these credentials to gain unauthorized access. This affects organizations using vulnerable PowerStore storage systems, potentially compromising storage infrastructure and data.

💻 Affected Systems

Products:
  • Dell PowerStore
Versions: 4.0.0.0
Operating Systems: PowerStore OS
Default Config Vulnerable: ⚠️ Yes
Notes: All PowerStore systems running version 4.0.0.0 are vulnerable by default.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of PowerStore system leading to data theft, destruction, or ransomware deployment across connected storage infrastructure.

🟠 Likely Case

Unauthorized access to PowerStore management interface allowing configuration changes, data access, or service disruption.

🟢 If Mitigated

Limited impact if network segmentation and access controls prevent remote exploitation attempts.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires knowledge of hard-coded credentials and network access to PowerStore management interface.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Update to version specified in DSA-2025-223

Vendor Advisory: https://www.dell.com/support/kbdoc/en-us/000325205/dsa-2025-223-dell-powerstore-t-security-update-for-multiple-vulnerabilities

Restart Required: Yes

Instructions:

1. Review Dell advisory DSA-2025-223.
2. Download appropriate PowerStore update.
3. Apply update following Dell's documented procedures.
4. Verify successful update and system functionality.

🔧 Temporary Workarounds

Network Segmentation

all

Restrict network access to PowerStore management interfaces to trusted administrative networks only.

Access Control Lists

all

Implement strict firewall rules and ACLs to limit which IP addresses can connect to PowerStore management ports.

🧯 If You Can't Patch

  • Isolate PowerStore systems from untrusted networks and internet access
  • Implement multi-factor authentication and monitor for unauthorized access attempts

🔍 How to Verify

Check if Vulnerable:

Check PowerStore version via management interface or CLI. If version is 4.0.0.0, system is vulnerable.

Check Version:

Check via PowerStore Manager UI or use PowerStore CLI commands specific to your deployment

Verify Fix Applied:

Verify PowerStore version has been updated to a version beyond 4.0.0.0 as specified in Dell's advisory.

📡 Detection & Monitoring

Log Indicators:

  • Failed authentication attempts with hard-coded credentials
  • Unusual login patterns to PowerStore management interface
  • Configuration changes from unexpected sources

Network Indicators:

  • Unusual traffic to PowerStore management ports (typically 443)
  • Connection attempts from unauthorized IP addresses

SIEM Query:

source="powerstore" AND ((event_type="authentication" AND result="failure") OR (event_type="configuration_change" AND user!="authorized_admin"))
