Description
Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an improper resource shutdown or release vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to denial of service.
Published: 2026-04-16
Score: 4.4 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Patch Now
AI Analysis

Impact

Dell PowerScale OneFS prior to version 9.12.0.0 has an improper resource shutdown or release flaw that can be triggered by an attacker who has local, high-privileged access. If exploited, the system may terminate critical processes or services, causing the storage appliance or its managed workloads to become unavailable. The error is a direct result of resource mismanagement and is classified as an improper resource shutdown or release weakness (CWE-404).

Affected Systems

Dell PowerScale OneFS running any release before version 9.12.0.0 is susceptible. Systems that have not applied the Dell Security Update for 9.12.0.0 or newer are at risk.

Risk and Exploitability

The vulnerability has a CVSS score of 4.4, indicating moderate severity. No EPSS data is currently available, and the issue is not listed in the CISA KEV catalog. An attack requires local access with high privileges, so the threat surface is limited to administrators who have been compromised physically or remotely. If the attacker can reach the target machine, the denial of service effect could persist until the system is rebooted or the patch is applied.

Generated by OpenCVE AI on April 17, 2026 at 02:53 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply Dell Security Update DSA-2025-347 to bring OneFS to version 9.12.0.0 or later.
  • Restrict local administrative privileges and audit accounts with high access levels to mitigate further exploitation.
  • If immediate patching is not possible, isolate the affected appliance from critical workloads and monitor for abnormal shutdown or reboot events.



Advisories

No advisories yet.

History

Tue, 21 Apr 2026 14:45:00 +0000

Type | Values Removed | Values Added
CPEs | | cpe:2.3:o:dell:powerscale_onefs:*:*:*:*:*:*:*:*

Fri, 17 Apr 2026 03:15:00 +0000

Type | Values Removed | Values Added
Title | | Improper Resource Release Causing Denial of Service in Dell PowerScale OneFS

Thu, 16 Apr 2026 20:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 16 Apr 2026 20:00:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Dell; Dell powerscale Onefs
Vendors & Products | | Dell; Dell powerscale Onefs

Thu, 16 Apr 2026 18:30:00 +0000

Type | Values Removed | Values Added
Description | | Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an improper resource shutdown or release vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to denial of service.
Weaknesses | | CWE-404
References | |
Metrics | | cvssV3_1 {'score': 4.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H'}


MITRE

Status: PUBLISHED

Assigner: dell

Published:

Updated: 2026-04-16T19:38:28.840Z

Reserved: 2025-04-20T05:04:01.414Z

Link: CVE-2025-43935

Vulnrichment

Updated: 2026-04-16T19:38:23.611Z

NVD

Status: Analyzed

Published: 2026-04-16T19:16:32.610

Modified: 2026-04-21T14:32:45.013

Link: CVE-2025-43935

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-17T03:00:08Z

Weaknesses