CVE-2025-36601
📋 TL;DR
Dell PowerScale OneFS versions 9.5.0.0 through 9.11.0.0 contain an information disclosure vulnerability where unauthenticated remote attackers can access sensitive information. This affects Dell PowerScale storage systems running vulnerable OneFS versions, potentially exposing confidential data to unauthorized parties.
💻 Affected Systems
- Dell PowerScale OneFS
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Attackers obtain sensitive configuration data, credentials, or proprietary information that could facilitate further attacks or data breaches.
Likely Case
Unauthorized access to system information, configuration details, or metadata that shouldn't be publicly accessible.
If Mitigated
Limited exposure of non-critical information with proper network segmentation and access controls in place.
🎯 Exploit Status
The vulnerability requires no authentication and appears to be relatively straightforward to exploit based on the CVSS score and description.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 9.11.0.0 with security updates or later versions
Vendor Advisory: https://www.dell.com/support/kbdoc/en-us/000353080/dsa-2025-272-security-update-for-dell-powerscale-onefs-multiple-third-party-component-vulnerabilities
Restart Required: No
Instructions:
1. Review Dell advisory DSA-2025-272.
2. Apply the latest OneFS security updates.
3. Verify the update was successful.
4. Monitor for any issues post-update.
🔧 Temporary Workarounds
Network Segmentation
Restrict network access to PowerScale systems to only trusted networks and required administrative interfaces
Access Control Lists
Implement strict network ACLs to limit which IP addresses can communicate with PowerScale management interfaces
🧯 If You Can't Patch
- Implement strict network segmentation and firewall rules to block all unnecessary access to PowerScale systems
- Monitor network traffic to PowerScale systems for unusual access patterns or information disclosure attempts
🔍 How to Verify
Check if Vulnerable:
Check OneFS version via CLI: 'isi version' or web interface. If version is between 9.5.0.0 and 9.11.0.0, system is vulnerable.
Check Version:
isi version
Verify Fix Applied:
Verify OneFS version is 9.11.0.0 with security updates or later. Test that sensitive information endpoints are no longer accessible without authentication.
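The version check above is easy to get wrong when done by eye or with a string comparison, because "9.10.0.0" sorts before "9.5.0.0" lexicographically even though it is the later release. The following added example (not code from Dell or from this page) parses an `isi version` banner and compares the dotted version numerically against the affected range stated here. The banner format and the sample output are assumptions: the regex only relies on an "OneFS v<dotted version>" token, so adjust it if your system prints something different.

```python
import re
from typing import Optional, Tuple

# Affected range as stated on this page: 9.5.0.0 through 9.11.0.0, inclusive.
AFFECTED_MIN = (9, 5, 0, 0)
AFFECTED_MAX = (9, 11, 0, 0)

# Constructed sample banner (assumption): the real `isi version` output may differ,
# which is why the regex only anchors on the "OneFS v<version>" token.
SAMPLE_OUTPUT = "Isilon OneFS v9.10.0.0 B_9_10_0_003(RELEASE): 0x90a00..."

VERSION_RE = re.compile(r"OneFS\s+v?(\d+(?:\.\d+){1,3})")


def parse_version(text: str) -> Optional[Tuple[int, ...]]:
    """Extract the dotted OneFS version as a tuple of ints, padded to four fields."""
    m = VERSION_RE.search(text)
    if not m:
        return None
    parts = tuple(int(p) for p in m.group(1).split("."))
    return parts + (0,) * (4 - len(parts))


def in_affected_range(version: Tuple[int, ...]) -> bool:
    """Numeric tuple comparison, so 9.10.x.x correctly sorts after 9.5.x.x."""
    return AFFECTED_MIN <= version <= AFFECTED_MAX


def assess(text: str) -> str:
    """Classify a banner: unknown, outside the affected range, or inside it."""
    v = parse_version(text)
    if v is None:
        return "unknown: could not parse OneFS version"
    ver = ".".join(map(str, v))
    if not in_affected_range(v):
        return f"not in affected range: {ver}"
    if v == AFFECTED_MAX:
        # Per the advisory, 9.11.0.0 is fixed only once the DSA-2025-272 security
        # update is applied; the version number alone cannot show that state.
        return f"in affected range: {ver} (fixed only if DSA-2025-272 update applied)"
    return f"in affected range: {ver} - apply DSA-2025-272 update"


if __name__ == "__main__":
    print(assess(SAMPLE_OUTPUT))
```

Run it as `isi version | python3 check_onefs.py` after replacing `SAMPLE_OUTPUT` with `sys.stdin.read()`, or paste the banner into the constant. The 9.11.0.0 branch exists because the version string cannot distinguish a patched 9.11.0.0 from an unpatched one; for that release, confirm the security update from the cluster's patch listing rather than from the version alone.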
📡 Detection & Monitoring
Log Indicators:
- Unauthenticated access attempts to sensitive endpoints
- Unusual information retrieval patterns from OneFS logs
Network Indicators:
- Unusual traffic to PowerScale management interfaces from unauthorized sources
- Information disclosure patterns in network captures
SIEM Query:
source="powerscale" AND (event_type="access_denied" OR event_type="unauthorized_access") AND dest_port IN (8080, 443)