CVE-2025-36601 Overview
CVE-2025-36601 is an information disclosure vulnerability in Dell PowerScale OneFS, the operating system that powers Dell's scale-out network-attached storage (NAS) platform. The flaw affects versions 9.5.0.0 through 9.11.0.0 and stems from improper restriction of sensitive data accessible to unauthorized parties [CWE-200]. An unauthenticated remote attacker can exploit the issue over the network without user interaction. Successful exploitation discloses sensitive information from the affected storage cluster but does not impact integrity or availability.
Critical Impact
An unauthenticated remote attacker can retrieve sensitive information from PowerScale OneFS clusters running versions 9.5.0.0 through 9.11.0.0 without any user interaction.
Affected Products
- Dell PowerScale OneFS 9.5.0.0
- Dell PowerScale OneFS versions between 9.5.0.0 and 9.11.0.0
- Dell PowerScale OneFS 9.11.0.0
Discovery Timeline
- 2025-09-25 - CVE-2025-36601 published to NVD
- 2026-02-20 - Last updated in NVD database
Technical Details for CVE-2025-36601
Vulnerability Analysis
Dell PowerScale OneFS exposes sensitive information to unauthorized actors across supported versions 9.5.0.0 through 9.11.0.0. The vulnerability is classified under [CWE-200], indicating that protected data is reachable by parties not entitled to view it. Dell's advisory DSA-2025-272 groups this issue with multiple third-party component vulnerabilities addressed in the same security update.
The attack requires no authentication and no user interaction. The confidentiality impact is high while integrity and availability remain unaffected, consistent with a pure disclosure flaw rather than tampering or service disruption. The EPSS probability of 0.038% indicates a low likelihood of active exploitation, but unauthenticated network reachability raises the practical risk for internet-exposed management interfaces.
Root Cause
The root cause is improper access control over data that OneFS exposes through one or more network-reachable interfaces. Dell has not publicly identified the specific component or endpoint responsible. The issue allows requests from unauthorized actors to retrieve information that should be restricted to authenticated administrators or internal cluster processes.
Attack Vector
The attack vector is network-based with low complexity. An attacker reaches an exposed OneFS service endpoint and issues requests that return sensitive data without credential validation. No code execution or privilege escalation is involved. Refer to the Dell Security Update DSA-2025-272 for the authoritative technical scope.
No verified proof-of-concept code is publicly available. The vulnerability is described in prose because no sanitized exploitation samples have been published.
Detection Methods for CVE-2025-36601
Indicators of Compromise
- Unauthenticated HTTP or HTTPS requests to OneFS management or API endpoints originating from untrusted networks.
- Unusual volumes of outbound responses from OneFS nodes to external IP addresses.
- Access log entries lacking associated authenticated session identifiers on cluster-facing services.
Detection Strategies
- Review OneFS audit logs and HTTP access logs for requests that succeed without valid authentication tokens.
- Correlate network flow data with the management VLAN to identify unauthorized clients reaching OneFS APIs.
- Inspect perimeter firewall and load balancer logs for direct access attempts to PowerScale management ports from outside trusted subnets.
Monitoring Recommendations
- Enable verbose API and HTTP request logging on all OneFS nodes and forward to a centralized SIEM.
- Alert on response payload sizes that exceed baselines for unauthenticated endpoints.
- Track all administrative interface connections by source IP and authentication status.
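As an added illustration of the log review in the Detection Strategies list and the baseline alerting in the Monitoring Recommendations above (example code, not from the page or from Dell), the following script flags successful requests that carry no session identifier, requests from outside an assumed trusted admin subnet (10.10.50.0/24), and responses far larger than the authenticated baseline for the same path. The log format and every sample line are constructed, not real OneFS output.

```python
import ipaddress
import re
from statistics import mean

# Constructed sample access-log lines (NOT real OneFS output). Assumed format:
# client_ip "METHOD path" status bytes session=<id or ->
SAMPLE_LOG = """\
10.10.50.12 "GET /platform/1/cluster/config" 200 1842 session=sess-abc123
203.0.113.7 "GET /platform/1/cluster/config" 200 18420 session=-
10.10.50.12 "GET /platform/1/auth/users" 200 2210 session=sess-abc123
203.0.113.7 "GET /session/1/session" 401 212 session=-
198.51.100.9 "GET /platform/1/cluster/config" 200 19011 session=-
"""
TRUSTED_SUBNETS = [ipaddress.ip_network("10.10.50.0/24")]  # assumed admin VLAN
LINE_RE = re.compile(r'^(\S+) "\w+ (\S+)" (\d{3}) (\d+) session=(\S+)$')

def parse(lines):
    events = []  # lines that do not match the assumed format are skipped
    for line in lines:
        if m := LINE_RE.match(line):
            ip, path, status, size, session = m.groups()
            events.append({"ip": ip, "path": path, "status": int(status),
                           "bytes": int(size), "session": session})
    return events

def is_trusted(ip):
    return any(ipaddress.ip_address(ip) in net for net in TRUSTED_SUBNETS)

def baseline_size(events, path):
    # Baseline = mean size of authenticated 2xx responses for the same path.
    sizes = [e["bytes"] for e in events if e["path"] == path
             and e["session"] != "-" and 200 <= e["status"] < 300]
    return mean(sizes) if sizes else 0

def find_suspicious(log_text, size_factor=3.0):
    events = parse(log_text.splitlines())
    alerts = []  # (ip, path, status, reasons) for every request tripping a check
    for e in events:
        reasons = []
        success = 200 <= e["status"] < 300
        if success and e["session"] == "-":
            reasons.append("success-without-session")
        if not is_trusted(e["ip"]):
            reasons.append("untrusted-source")
        base = baseline_size(events, e["path"])
        if success and base and e["bytes"] > size_factor * base:
            reasons.append("oversized-response")
        if reasons:
            alerts.append((e["ip"], e["path"], e["status"], reasons))
    return alerts
```

Feeding real OneFS access logs through this requires adjusting LINE_RE and the session marker to the cluster's actual log format, and tuning size_factor against the cluster's own traffic before alerting on it.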
How to Mitigate CVE-2025-36601
Immediate Actions Required
- Apply the fixed OneFS release referenced in Dell advisory DSA-2025-272 to all clusters running 9.5.0.0 through 9.11.0.0.
- Restrict network access to OneFS management interfaces to trusted administrative subnets only.
- Audit current exposure of PowerScale endpoints to the internet or untrusted internal networks.
Patch Information
Dell published DSA-2025-272 covering this issue and additional third-party component vulnerabilities in PowerScale OneFS. Administrators should follow the advisory to obtain the remediated version and validate cluster health after upgrade.
Workarounds
- Place OneFS management interfaces behind a network segment reachable only from administrative jump hosts.
- Enforce strict firewall ACLs limiting source addresses permitted to reach PowerScale services.
- Disable any unused network-facing OneFS services until patching is complete.
# Configuration example: restrict access to OneFS management interfaces
# Allow only the trusted admin subnet to reach the cluster management IP.
# Rules are matched in order, so the ACCEPT must be appended before the DROP.
iptables -A INPUT -p tcp -s 10.10.50.0/24 -d <onefs-mgmt-ip> --dport 8080 -j ACCEPT
iptables -A INPUT -p tcp -d <onefs-mgmt-ip> --dport 8080 -j DROP
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

