Auth bypass in Dell Powerscale Onefs

CVE-2025-26330

Dell PowerScale OneFS, versions 9.4.0.0 through 9.10.0.1, contains an incorrect authorization vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability to access the cluster with previous pri…

Vulnerability class: Broken Access Control

EPSS: 0.001 (3.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.0 (High). Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H.

Affected products

Weakness classification (CWE)

References

Frequently asked questions

What is CVE-2025-26330?
CVE-2025-26330 is a high-severity vulnerability in Dell Powerscale Onefs, classified under Incorrect Authorization. CVSS score: 7.0/10. Published 2025-04-10.
How severe is CVE-2025-26330?
High severity. CVSS v3 base score is 7.0 out of 10.