CVE-2025-26330

{"id": "CVE-2025-26330", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security_alert@emc.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.0, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.0}]}, "published": "2025-04-10T03:15:18.727", "references": [{"url": "https://www.dell.com/support/kbdoc/en-us/000300860/dsa-2025-119-security-update-for-dell-powerscale-onefs-for-multiple-security-vulnerabilities", "tags": ["Vendor Advisory"], "source": "security_alert@emc.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security_alert@emc.com", "description": [{"lang": "en", "value": "CWE-863"}]}], "descriptions": [{"lang": "en", "value": "Dell PowerScale OneFS, versions 9.4.0.0 through 9.10.0.1, contains an incorrect authorization vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability to access the cluster with previous privileges of a disabled user account."}, {"lang": "es", "value": " Dell PowerScale OneFS, versiones 9.4.0.0 a 9.10.0.1, contiene una vulnerabilidad de autorizaci\u00f3n incorrecta. Un atacante no autenticado con acceso local podr\u00eda potencialmente aprovechar esta vulnerabilidad para acceder al cl\u00faster con privilegios previos de una cuenta de usuario deshabilitada."}], "lastModified": "2025-07-15T16:15:49.393", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:dell:powerscale_onefs:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7CD11155-2AAB-447A-9726-6AE699A84A17", "versionEndIncluding": "9.10.1.1", "versionStartIncluding": "9.4.0"}], "operator": "OR"}]}], "sourceIdentifier": "security_alert@emc.com"}