CVE-2025-26330Incorrect Authorization in Dell Powerscale Onefs

CWE-863Incorrect Authorization3 documents3 sources
Severity
7.0HIGHNVD
EPSS
0.1%
top 80.10%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Dell Powerscale Onefs
Timeline
PublishedApr 10

Description

Dell PowerScale OneFS, versions 9.4.0.0 through 9.10.0.1, contains an incorrect authorization vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability to access the cluster with previous privileges of a disabled user account.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.0 | Impact: 5.9

Affected Packages2 packages

CVEListV5dell/powerscale_onefs9.4.0.09.10.0.1+1
NVDdell/powerscale_onefs9.4.09.10.1.1

🔴Vulnerability Details

2
GHSA
GHSA-m436-48r8-qqpq: Dell PowerScale OneFS, versions 92025-04-10
CVEList
CVE-2025-26330: Dell PowerScale OneFS, versions 92025-04-10
CVE-2025-26330 — Incorrect Authorization in Dell | cvebase