CVE-2025-36601

CVSS v3 4.0 MEDIUM

4.0^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.2 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope CHANGED

D

ell PowerScale OneFS, versions 9.5.0.0 through 9.11.0.0, contains an exposure of sensitive information to an unauthorized actor vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to Information disclosure.

References

Link	Resource
https://www.dell.com/support/kbdoc/en-us/000353080/dsa-2025-272-security-update-for-dell-powerscale-onefs-multiple-third-party-component-vulnerabilities	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:dell:powerscale_onefs::::::::
	cpe:2.3:o:dell:powerscale_onefs::::::::
	cpe:2.3:o:dell:powerscale_onefs::::::::
	cpe:2.3:o:dell:powerscale_onefs:9.11.0.0:::::::*

History

20 Feb 2026, 18:38

Type	Values Removed	Values Added
CPE	cpe:2.3:a:dell:powerscale_onefs:9.11.0.0:::::::*	cpe:2.3:o:dell:powerscale_onefs:9.11.0.0:::::::* cpe:2.3:o:dell:powerscale_onefs::::::::

31 Oct 2025, 14:16

Type	Values Removed	Values Added
First Time		Dell Dell powerscale Onefs
References	~~() https://www.dell.com/support/kbdoc/en-us/000353080/dsa-2025-272-security-update-for-dell-powerscale-onefs-multiple-third-party-component-vulnerabilities -~~	() https://www.dell.com/support/kbdoc/en-us/000353080/dsa-2025-272-security-update-for-dell-powerscale-onefs-multiple-third-party-component-vulnerabilities - Vendor Advisory
CPE		cpe:2.3:a:dell:powerscale_onefs:::::::: cpe:2.3:a:dell:powerscale_onefs:9.11.0.0:::::::*
CWE		NVD-CWE-noinfo

26 Sep 2025, 14:32

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-09-25 15:16

Updated : 2026-02-20 18:38

NVD link : CVE-2025-36601

Mitre link : CVE-2025-36601

CVE.ORG link : CVE-2025-36601

JSON object : View

Products Affected

powerscale_onefs

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

NVD-CWE-noinfo

{"id": "CVE-2025-36601", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 4.0, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.2}, {"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2025-09-25T15:16:10.890", "references": [{"url": "https://www.dell.com/support/kbdoc/en-us/000353080/dsa-2025-272-security-update-for-dell-powerscale-onefs-multiple-third-party-component-vulnerabilities", "tags": ["Vendor Advisory"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-200"}]}, {"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Dell PowerScale OneFS, versions 9.5.0.0 through 9.11.0.0, contains an exposure of sensitive information to an unauthorized actor vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to Information disclosure."}], "lastModified": "2026-02-20T18:38:47.087", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:dell:powerscale_onefs:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1540CAF7-15B6-46DF-BA82-20B544E43CFB", "versionEndExcluding": "9.10.1.3", "versionStartIncluding": "9.8.0.0"}, {"criteria": "cpe:2.3:o:dell:powerscale_onefs:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "63EE5B28-1B70-497E-87B5-1727713DD424", "versionEndExcluding": "9.5.1.4", "versionStartIncluding": "9.5.0.0"}, {"criteria": "cpe:2.3:o:dell:powerscale_onefs:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A1BAD8C5-8AC7-4AF3-A2DB-C7E4B249514B", "versionEndExcluding": "9.7.1.10", "versionStartIncluding": "9.6.0"}, {"criteria": "cpe:2.3:o:dell:powerscale_onefs:9.11.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A021C3E4-844E-4728-8887-BDEBEA54235C"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}