CVE-2025-36601 Overview
CVE-2025-36601 is an information disclosure vulnerability affecting Dell PowerScale OneFS versions 9.5.0.0 through 9.11.0.0. The flaw exposes sensitive information to an unauthorized actor and is categorized under [CWE-200]. An unauthenticated remote attacker can exploit the vulnerability over the network without user interaction, leading to disclosure of confidential data from the storage platform.
Dell published the issue in advisory DSA-2025-272, which addresses multiple third-party component vulnerabilities in PowerScale OneFS. The EPSS probability for this CVE is 0.038% (percentile 11.456), indicating low observed exploitation activity to date.
Critical Impact
Unauthenticated remote attackers can retrieve sensitive information from Dell PowerScale OneFS clusters running affected versions, with no privileges or user interaction required.
Affected Products
- Dell PowerScale OneFS 9.5.0.0 through 9.10.x
- Dell PowerScale OneFS 9.11.0.0
- PowerScale clusters running any release in the affected range
Discovery Timeline
- 2025-09-25 - CVE-2025-36601 published to NVD
- 2026-02-20 - Last updated in NVD database
Technical Details for CVE-2025-36601
Vulnerability Analysis
CVE-2025-36601 is an Information Exposure issue in Dell PowerScale OneFS, a scale-out network-attached storage (NAS) operating system. The defect allows an unauthorized actor to retrieve sensitive information that should be restricted to authenticated users or administrative roles. Because authentication is not required, the attack surface includes any reachable network endpoint exposed by the OneFS cluster.
The vulnerability is classified under [CWE-200] (Exposure of Sensitive Information to an Unauthorized Actor). Dell's advisory attributes the issue to third-party components bundled within OneFS rather than custom OneFS application logic. Confidentiality impact is high, while integrity and availability remain unaffected, meaning attackers can read data but cannot modify cluster state through this flaw alone.
Root Cause
The root cause is improper restriction of access to data returned by an exposed service in OneFS. Affected versions return information that should be protected behind authentication boundaries. Dell's DSA-2025-272 bulletin identifies the issue as originating in third-party components shipped with OneFS, which is consistent with the broad version range from 9.5.0.0 through 9.11.0.0.
Attack Vector
The vulnerability is exploitable remotely over the network with low attack complexity. An attacker does not need credentials, elevated privileges, or any interaction with a legitimate user. The attacker sends crafted requests to an exposed OneFS service interface and receives data that should be access-controlled. No public proof-of-concept exploit code is currently available, and the CVE is not listed in the CISA Known Exploited Vulnerabilities catalog.
See the Dell Security Update Advisory for vendor-confirmed technical context.
Detection Methods for CVE-2025-36601
Indicators of Compromise
- Unauthenticated HTTP/HTTPS requests to OneFS management or API endpoints from unexpected source addresses.
- Anomalous outbound data flows from PowerScale cluster nodes to untrusted networks.
- Unusual volumes of read or enumeration requests against OneFS services without preceding authentication events.
Detection Strategies
- Inspect OneFS audit logs for repeated unauthenticated requests against API or web management endpoints.
- Correlate network telemetry with OneFS service logs to identify access from sources outside expected management subnets.
- Run version inventory queries against PowerScale nodes to identify clusters still on releases 9.5.0.0 through 9.11.0.0.
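The two checks above (triaging unauthenticated management requests and flagging clusters still in the affected version range) as an added Python example; this is not tooling from Dell or the advisory. The log layout is a constructed generic access-log format, not the real OneFS audit format, and the management path prefixes and admin subnet are assumptions.

```python
import ipaddress
import re

# Inclusive affected range as stated in the advisory summary (9.5.0.0 through 9.11.0.0).
AFFECTED_MIN = (9, 5, 0, 0)
AFFECTED_MAX = (9, 11, 0, 0)


def parse_onefs_version(version: str) -> tuple:
    """Turn a dotted OneFS version string such as '9.10.0.1' into a comparable tuple."""
    parts = version.strip().split(".")
    if not 2 <= len(parts) <= 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised OneFS version string: {version!r}")
    nums = tuple(int(p) for p in parts)
    return nums + (0,) * (4 - len(nums))  # pad '9.5' -> (9, 5, 0, 0)


def is_affected(version: str) -> bool:
    """True when the version lies inside the affected range; consult DSA-2025-272 for fixed builds."""
    return AFFECTED_MIN <= parse_onefs_version(version) <= AFFECTED_MAX


# Constructed sample lines in an assumed layout: client_ip method path status user ('-' = none).
LOG_LINE = re.compile(r"^(?P<ip>\S+) (?P<method>[A-Z]+) (?P<path>\S+) (?P<status>\d{3}) (?P<user>\S+)$")
MGMT_PREFIXES = ("/platform/", "/session/")  # assumed management/API path prefixes

SAMPLE_LOG = [
    "10.10.0.5 GET /platform/1/cluster/config 200 admin",  # admin subnet, authenticated: ignore
    "203.0.113.7 GET /platform/1/cluster/config 200 -",    # outside, no user, 2xx: flag
    "203.0.113.7 GET /platform/1/cluster/config 401 -",    # rejected by the service: not a disclosure
    "198.51.100.9 GET /static/logo.png 200 -",             # not a management path: ignore
]


def flag_unauthenticated_mgmt_requests(lines, admin_subnets):
    """Return (ip, path) for successful management requests with no authenticated user
    that originate outside the trusted administrative subnets."""
    nets = [ipaddress.ip_network(n) for n in admin_subnets]
    hits = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # skip lines that do not fit the assumed layout
        ip = ipaddress.ip_address(m["ip"])
        if any(ip in net for net in nets):
            continue  # expected management source
        if m["user"] == "-" and m["path"].startswith(MGMT_PREFIXES) and m["status"].startswith("2"):
            hits.append((str(ip), m["path"]))
    return hits


if __name__ == "__main__":
    print(flag_unauthenticated_mgmt_requests(SAMPLE_LOG, ["10.10.0.0/24"]))
    print([v for v in ("9.4.0.0", "9.5.0.0", "9.10.1.0", "9.11.0.0") if is_affected(v)])
```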
Monitoring Recommendations
- Forward OneFS audit and protocol access logs into a centralized SIEM for correlation with network flow data.
- Alert on unauthenticated access patterns against OneFS management interfaces, particularly from outside dedicated administrative VLANs.
- Track configuration drift on PowerScale nodes to ensure patched releases remain deployed after remediation.
How to Mitigate CVE-2025-36601
Immediate Actions Required
- Identify all Dell PowerScale OneFS clusters running versions 9.5.0.0 through 9.11.0.0 and prioritize them for patching.
- Apply the fixed OneFS release referenced in Dell advisory DSA-2025-272.
- Restrict network exposure of OneFS management and API interfaces to trusted administrative networks only.
Patch Information
Dell released remediation guidance in DSA-2025-272, which addresses multiple third-party component vulnerabilities in PowerScale OneFS, including CVE-2025-36601. Administrators should consult the advisory for the specific fixed release applicable to their cluster version and follow Dell's upgrade procedure for non-disruptive rolling upgrades.
Workarounds
- Place OneFS management interfaces behind network access control lists that permit only authorized administrative hosts.
- Disable or block external access to any non-essential OneFS services exposed to untrusted networks until patches are applied.
- Enforce network segmentation between storage cluster interfaces and general-purpose user networks.
# Example: restrict OneFS management access using a firewall ACL
# Replace 10.10.0.0/24 with your administrative subnet
# and <onefs_mgmt_ip> with the cluster management address
iptables -A INPUT -p tcp -d <onefs_mgmt_ip> --dport 8080 -s 10.10.0.0/24 -j ACCEPT
iptables -A INPUT -p tcp -d <onefs_mgmt_ip> --dport 8080 -j DROP
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.