Two significant security vulnerabilities affecting the Dell PowerScale OneFS storage operating system were disclosed. The most severe flaw, CVE-2024-53298, allows unauthenticated attackers to gain complete unauthorized access to enterprise filesystem data, potentially leading to the reading of sensitive corporate documents, modification of critical system configurations, and deletion of entire filesystem structures. A secondary SQL injection vulnerability, CVE-2025-32753, enables local privilege escalation attacks, posing a dual threat to enterprise storage environments.
Source: https://cybersecuritynews.com/dell-powerscale-vulnerability/
TPRM report: https://scoringcyber.rankiteo.com/company/dell-technologies
{
  "id": "del951060625",
  "linkid": "dell-technologies",
  "type": "Vulnerability",
  "date": "6/2025",
  "severity": "100",
  "impact": "5",
  "explanation": "Attack threatening the organization's existence"
}
{
  "affected_entities": [
    {"industry": "Technology", "name": "Dell Technologies", "type": "Organization"}
  ],
  "attack_vector": ["NFS Export Authorization Bypass", "SQL Injection"],
  "data_breach": {
    "sensitivity_of_data": "High",
    "type_of_data_compromised": ["Sensitive corporate documents", "Critical system configurations"]
  },
  "description": "Two significant security vulnerabilities affecting the Dell PowerScale OneFS storage operating system, with the most severe flaw potentially allowing unauthenticated attackers to gain complete unauthorized access to enterprise filesystem data.",
  "impact": {
    "data_compromised": ["Sensitive corporate documents", "Critical system configurations"],
    "systems_affected": ["PowerScale OneFS versions 9.5.0.0 through 9.10.0.1"]
  },
  "initial_access_broker": {"entry_point": "NFS Export Authorization Bypass"},
  "motivation": "Unauthorized access to enterprise filesystem data",
  "post_incident_analysis": {
    "corrective_actions": ["Upgrade to patched versions of OneFS", "Implement network-level access controls", "Conduct comprehensive security audits"],
    "root_causes": ["NFS authorization vulnerability", "SQL injection vulnerability"]
  },
  "recommendations": ["Upgrade to patched versions of OneFS", "Implement network-level access controls", "Conduct comprehensive security audits"],
  "response": {
    "containment_measures": ["Network-level access controls as temporary mitigation measures"],
    "remediation_measures": ["Upgrade to patched versions of OneFS", "Comprehensive security audits"]
  },
  "title": "Dell PowerScale OneFS Vulnerabilities",
  "type": "Vulnerability Exploitation",
  "vulnerability_exploited": ["CVE-2024-53298", "CVE-2025-32753"]
}