CVE-2025-43724

Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an authorization bypass through user-controlled key vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability to gain unauthorized access to NFSv4 or SMB shares.

Published: Oct 8, 2025
Updated: Nov 4, 2025
CVE: CVE-2025-43724
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 4.4
AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CWEs:

CWE-639

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

Software	From	Fixed in
dell / powerscale_onefs	9.5.0.0	9.5.1.5
dell / powerscale_onefs	9.6.0	9.7.1.10
dell / powerscale_onefs	9.8.0.0	9.10.1.3
dell / powerscale_onefs	9.11.0.0	9.12.0.0

https://www.dell.com/support/kbdoc/en-us/000376214/dsa-2025-347-security-update-for-dell-powerscale-onefs-multiple-vulnerabilities

Vulnerability Database

CVE-2025-43724

Deep Security Visibility Without the Complexity