CVE-2025-26330 | THREATINT

Description

Dell PowerScale OneFS, versions 9.4.0.0 through 9.10.0.1, contains an incorrect authorization vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability to access the cluster with previous privileges of a disabled user account.

PUBLISHED Reserved 2025-02-07 | Published 2025-04-10 | Updated 2026-02-26 | Assigner dell

HIGH: 7.0CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Problem types

CWE-863: Incorrect Authorization

Product status

Default status

unaffected

9.4.0.0 (semver)

affected

9.7.0.0 (semver)

affected

References

www.dell.com/...-onefs-for-multiple-security-vulnerabilities vendor-advisory

cve.org (CVE-2025-26330)

nvd.nist.gov (CVE-2025-26330)

Download JSON