
CVE-2025-36601: Dell PowerScale OneFS Info Disclosure

CVE-2025-36601 is an information disclosure vulnerability in Dell PowerScale OneFS versions 9.5.0.0 through 9.11.0.0 that enables unauthenticated attackers to access sensitive data. This article covers technical details, impact, and mitigation.


CVE-2025-36601 Overview

CVE-2025-36601 is an information disclosure vulnerability in Dell PowerScale OneFS, the operating system that powers Dell's scale-out network-attached storage (NAS) platform. The flaw affects versions 9.5.0.0 through 9.11.0.0 and stems from improper restriction of sensitive data accessible to unauthorized parties [CWE-200]. An unauthenticated remote attacker can exploit the issue over the network without user interaction. Successful exploitation discloses sensitive information from the affected storage cluster but does not impact integrity or availability.

Critical Impact

An unauthenticated remote attacker can retrieve sensitive information from PowerScale OneFS clusters running versions 9.5.0.0 through 9.11.0.0 without any user interaction.

Affected Products

  • Dell PowerScale OneFS 9.5.0.0 through 9.11.0.0, inclusive of both endpoints

Discovery Timeline

  • 2025-09-25 - CVE-2025-36601 published to NVD
  • 2026-02-20 - Last updated in NVD database

Technical Details for CVE-2025-36601

Vulnerability Analysis

Dell PowerScale OneFS exposes sensitive information to unauthorized actors across supported versions 9.5.0.0 through 9.11.0.0. The vulnerability is classified under [CWE-200], indicating that protected data is reachable by parties not entitled to view it. Dell's advisory DSA-2025-272 groups this issue with multiple third-party component vulnerabilities addressed in the same security update.

The attack requires no authentication and no user interaction. The confidentiality impact is high while integrity and availability remain unaffected, consistent with a pure disclosure flaw rather than tampering or service disruption. The EPSS score of 0.038% indicates a low probability of active exploitation, but unauthenticated network reachability raises the practical risk for management interfaces exposed to the internet.

Root Cause

The root cause is improper access control over data that OneFS exposes through one or more network-reachable interfaces. Dell has not publicly identified the specific component or endpoint responsible. The issue allows requests from unauthorized actors to retrieve information that should be restricted to authenticated administrators or internal cluster processes.

Attack Vector

The attack vector is network-based with low complexity. An attacker reaches an exposed OneFS service endpoint and issues requests that return sensitive data without credential validation. No code execution or privilege escalation is involved. Refer to the Dell Security Update DSA-2025-272 for the authoritative technical scope.

No verified proof-of-concept code is publicly available, and no sanitized exploitation samples have been published, so the vulnerability is described here in prose only.

Detection Methods for CVE-2025-36601

Indicators of Compromise

  • Unauthenticated HTTP or HTTPS requests to OneFS management or API endpoints originating from untrusted networks.
  • Unusual volumes of outbound responses from OneFS nodes to external IP addresses.
  • Access log entries lacking associated authenticated session identifiers on cluster-facing services.

Detection Strategies

  • Review OneFS audit logs and HTTP access logs for requests that succeed without valid authentication tokens.
  • Correlate network flow data with the management VLAN to identify unauthorized clients reaching OneFS APIs.
  • Inspect perimeter firewall and load balancer logs for direct access attempts to PowerScale management ports from outside trusted subnets.

Monitoring Recommendations

  • Enable verbose API and HTTP request logging on all OneFS nodes and forward to a centralized SIEM.
  • Alert on response payload sizes that exceed baselines for unauthenticated endpoints.
  • Track all administrative interface connections by source IP and authentication status.
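The detection strategies and monitoring recommendations above, applied to access-log lines as an added example (this is not Dell's code, and the log layout, trusted subnet, API path prefixes and size baseline are constructed assumptions, not the real OneFS log format):

```python
"""Added example: flag access-log lines matching the detection strategies above.
The log layout below is constructed for illustration, NOT the real OneFS format."""
import ipaddress
import re
from typing import Dict, List

# Assumptions: trusted admin subnet, watched API prefixes, unauth size baseline
TRUSTED_SUBNETS = [ipaddress.ip_network("10.10.50.0/24")]
MGMT_PREFIXES = ("/platform/", "/session/")
UNAUTH_SIZE_BASELINE = 1024  # bytes

# Constructed format: client_ip session=<id|-> "<method> <path>" <status> <bytes>
LOG_RE = re.compile(r'^(\S+) session=(\S+) "(\w+) (\S+)" (\d{3}) (\d+)$')
SAMPLE_LOG = """\
10.10.50.12 session=abc123 "GET /platform/1/cluster/config" 200 512
203.0.113.7 session=- "GET /platform/1/cluster/config" 200 4096
203.0.113.7 session=- "GET /platform/1/auth/users" 401 87
10.10.50.40 session=- "GET /platform/1/cluster/config" 200 300
"""

def is_trusted(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in TRUSTED_SUBNETS)

def analyze(log_text: str) -> List[Dict[str, object]]:
    """Return one finding per suspicious line, with every reason it matched."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the constructed format
        ip, session, _method, path, status, size = m.groups()
        status, size = int(status), int(size)
        unauth, mgmt, reasons = session == "-", path.startswith(MGMT_PREFIXES), []
        # Detection strategy: management request succeeded with no session
        if mgmt and unauth and 200 <= status < 300:
            reasons.append("success-without-session")
        # Detection strategy: API reached from outside the trusted admin subnets
        if mgmt and not is_trusted(ip):
            reasons.append("untrusted-source")
        # Monitoring recommendation: unauthenticated response above baseline size
        if unauth and size > UNAUTH_SIZE_BASELINE:
            reasons.append("oversized-unauth-response")
        if reasons:
            findings.append({"ip": ip, "path": path, "status": status, "reasons": reasons})
    return findings

if __name__ == "__main__":
    for finding in analyze(SAMPLE_LOG):
        print(finding)
```

Feed it real OneFS access or audit log lines only after replacing LOG_RE with the actual field layout of your cluster's logs.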

How to Mitigate CVE-2025-36601

Immediate Actions Required

  • Apply the fixed OneFS release referenced in Dell advisory DSA-2025-272 to all clusters running 9.5.0.0 through 9.11.0.0.
  • Restrict network access to OneFS management interfaces to trusted administrative subnets only.
  • Audit current exposure of PowerScale endpoints to the internet or untrusted internal networks.

Patch Information

Dell published DSA-2025-272 covering this issue and additional third-party component vulnerabilities in PowerScale OneFS. Administrators should follow the advisory to obtain the remediated version and validate cluster health after upgrade.

Workarounds

  • Place OneFS management interfaces behind a network segment reachable only from administrative jump hosts.
  • Enforce strict firewall ACLs limiting source addresses permitted to reach PowerScale services.
  • Disable any unused network-facing OneFS services until patching is complete.

```bash
# Configuration example: restrict access to OneFS management interfaces
# Allow only the trusted admin subnet (10.10.50.0/24 here) to reach the
# cluster management IP on the management port (8080 in this example)
iptables -A INPUT -p tcp -s 10.10.50.0/24 -d <onefs-mgmt-ip> --dport 8080 -j ACCEPT
# Drop every other client targeting that port; rule order matters, so the
# ACCEPT above must precede this DROP
iptables -A INPUT -p tcp -d <onefs-mgmt-ip> --dport 8080 -j DROP
```

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
