Description
Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an insertion of sensitive information into log file vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account.
Published: 2026-04-16
Score: 6.6 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Sensitive data disclosure via log injection
Action: Apply Patch
AI Analysis

Impact

A low‑privileged attacker with local access can insert sensitive information into log files on Dell PowerScale OneFS. The injected data can expose user credentials, allowing the attacker to log into the application using the compromised account’s privileges.

Affected Systems

All Dell PowerScale OneFS installations running versions earlier than 9.12.0.0 are affected.

Risk and Exploitability

The vulnerability scores a 6.6 on the CVSS v3 scale, indicating medium severity. No EPSS score is available and the exposure is not listed in the CISA KEV catalog. The attack vector is local and requires a user with low privileges on the affected system. Once credentials are leaked, the attacker can elevate access within the application context.

Generated by OpenCVE AI on April 17, 2026 at 03:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install Dell PowerScale OneFS security update DSA‑2025‑347 or upgrade to version 9.12.0.0 or later
  • Limit local user privileges so that only trusted administrators have access to components that log credentials
  • Implement log monitoring to detect unexpected credential entries and review logs regularly for suspicious activity

Generated by OpenCVE AI on April 17, 2026 at 03:22 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 21 Apr 2026 14:45:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:o:dell:powerscale_onefs:*:*:*:*:*:*:*:*

Fri, 17 Apr 2026 03:45:00 +0000

Type Values Removed Values Added
Title Log File Sensitive Information Injection in Dell PowerScale OneFS

Thu, 16 Apr 2026 19:45:00 +0000

Type Values Removed Values Added
First Time appeared Dell
Dell powerscale Onefs
Vendors & Products Dell
Dell powerscale Onefs

Thu, 16 Apr 2026 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 16 Apr 2026 18:30:00 +0000

Type Values Removed Values Added
Description Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an insertion of sensitive information into log file vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account.
Weaknesses CWE-532
References
Metrics cvssV3_1

{'score': 6.6, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H'}

Subscriptions

Dell Powerscale Onefs
cve-icon MITRE

Status: PUBLISHED

Assigner: dell

Published:

Updated: 2026-04-16T18:51:41.562Z

Reserved: 2025-04-20T05:04:01.415Z

Link: CVE-2025-43937

cve-icon Vulnrichment

Updated: 2026-04-16T18:51:21.123Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-16T19:16:32.750

Modified: 2026-04-21T14:33:40.430

Link: CVE-2025-43937

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-17T03:30:08Z

Weaknesses