{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-43883", "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "state": "PUBLISHED", "assignerShortName": "dell", "dateReserved": "2025-04-18T05:05:05.740Z", "datePublished": "2026-04-16T17:54:09.831Z", "dateUpdated": "2026-04-18T02:39:20.246Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell", "dateUpdated": "2026-04-16T18:05:57.154Z"}, "datePublic": "2025-10-01T17:00:00.000Z", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-754", "description": "CWE-754: Improper Check for Unusual or Exceptional Conditions", "type": "CWE"}]}], "affected": [{"vendor": "Dell", "product": "PowerScale OneFS", "versions": [{"status": "affected", "version": "9.5.0.0", "lessThan": "9.10.1.2", "versionType": "semver"}, {"status": "affected", "version": "0", "lessThan": "9.12.0.0", "versionType": "semver"}, {"status": "affected", "version": "9.7.0.0", "lessThan": "9.7.1.10", "versionType": "semver"}, {"status": "affected", "version": "9.5.0.0", "lessThan": "9.5.1.4", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an improper check for unusual or exceptional conditions vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to denial of service.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an improper check for unusual or exceptional conditions vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to denial of service."}]}], "references": [{"url": "https://www.dell.com/support/kbdoc/en-us/000376214/dsa-2025-347-security-update-for-dell-powerscale-onefs-multiple-vulnerabilities", "tags": ["vendor-advisory"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "LOCAL", "attackComplexity": "HIGH", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseSeverity": "MEDIUM", "baseScore": 4.1, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H"}}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.1"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-18T02:38:06.694001Z", "id": "CVE-2025-43883", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-18T02:39:20.246Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-43883", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-18T02:38:06.694001Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-18T02:39:16.120Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.1, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Dell", "product": "PowerScale OneFS", "versions": [{"status": "affected", "version": "9.5.0.0", "lessThan": "9.10.1.2", "versionType": "semver"}, {"status": "affected", "version": "0", "lessThan": "9.12.0.0", "versionType": "semver"}, {"status": "affected", "version": "9.7.0.0", "lessThan": "9.7.1.10", "versionType": "semver"}, {"status": "affected", "version": "9.5.0.0", "lessThan": "9.5.1.4", "versionType": "semver"}], "defaultStatus": "unaffected"}], "datePublic": "2025-10-01T17:00:00.000Z", "references": [{"url": "https://www.dell.com/support/kbdoc/en-us/000376214/dsa-2025-347-security-update-for-dell-powerscale-onefs-multiple-vulnerabilities", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 1.0.1"}, "descriptions": [{"lang": "en", "value": "Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an improper check for unusual or exceptional conditions vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to denial of service.", "supportingMedia": [{"type": "text/html", "value": "Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an improper check for unusual or exceptional conditions vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to denial of service.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-754", "description": "CWE-754: Improper Check for Unusual or Exceptional Conditions"}]}], "providerMetadata": {"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell", "dateUpdated": "2026-04-16T18:05:57.154Z"}}}, "cveMetadata": {"cveId": "CVE-2025-43883", "state": "PUBLISHED", "dateUpdated": "2026-04-18T02:39:20.246Z", "dateReserved": "2025-04-18T05:05:05.740Z", "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "datePublished": "2026-04-16T17:54:09.831Z", "assignerShortName": "dell"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dell:powerscale_onefs:*:*:*:*:*:*:*:*", "matchCriteriaId": "E2CB3CCA-1CD2-413A-A9D1-4C89267D6DA3", "versionEndExcluding": "9.5.1.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:dell:powerscale_onefs:*:*:*:*:*:*:*:*", "matchCriteriaId": "78A9B66B-77E0-475D-ACF7-668364C4821F", "versionEndExcluding": "9.7.1.10", "versionStartIncluding": "9.6.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:dell:powerscale_onefs:*:*:*:*:*:*:*:*", "matchCriteriaId": "34F73334-874F-4D04-A0F1-BA9A5C505BAB", "versionEndExcluding": "9.10.1.3", "versionStartIncluding": "9.8.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:dell:powerscale_onefs:*:*:*:*:*:*:*:*", "matchCriteriaId": "E943ABD7-89C5-4B3C-A6F5-60CF6AF1A121", "versionEndExcluding": "9.12.0.0", "versionStartIncluding": "9.11.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an improper check for unusual or exceptional conditions vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to denial of service."}], "id": "CVE-2025-43883", "lastModified": "2026-04-21T14:32:12.420", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 0.5, "impactScore": 3.6, "source": "security_alert@emc.com", "type": "Secondary"}]}, "published": "2026-04-16T18:16:43.667", "references": [{"source": "security_alert@emc.com", "tags": ["Vendor Advisory"], "url": "https://www.dell.com/support/kbdoc/en-us/000376214/dsa-2025-347-security-update-for-dell-powerscale-onefs-multiple-vulnerabilities"}], "sourceIdentifier": "security_alert@emc.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-754"}], "source": "security_alert@emc.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[9.5.0.0,9.10.1.2)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,9.12.0.0)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[9.7.0.0,9.7.1.10)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[9.5.0.0,9.5.1.4)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "PowerScale OneFS", "source": "cna", "vendor": "Dell"}, "product": "powerscale_onefs", "vendor": "dell"}], "analysis": {"en": {"generated_at": "2026-04-17T02:53:50.026825+00:00", "value": {"mitigation_remediation": ["Update Dell PowerScale OneFS to 9.12.0.0 or newer using the DSA\u20112025\u2011347 security update", "If an update is not yet applied, restrict local high\u2011privileged accounts and monitor for unexpected service stops", "Apply network\u2011level protection to isolate the OneFS node from untrusted local connections until a patch is applied"], "summary": {"action": "Patch ASAP", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "Dell PowerScale OneFS versions earlier than 9.12.0.0 are susceptible. The vulnerability is present in the product when deployed on any platform that runs these affected releases and has not yet been upgraded.", "description_and_impact": "An improper check for unusual or exceptional conditions in Dell PowerScale OneFS allows a high\u2011privileged local attacker to trigger a denial of service when the condition is evaluated incorrectly. The flaw does not provide direct data disclosure or code execution, but it can stop the system or a service from operating, potentially affecting availability for the entire file system cluster if the attack is successful.", "risk_and_exploitability": "The CVSS score is 4.1, placing the vulnerability in the low\u2011severity range. EPSS data is unavailable, so the likelihood of exploitation is unclear, and the vulnerability is not listed in CISA\u2019s KEV catalog. The attack requires local access with high privileges, thus limiting the threat surface to administrators or compromised administrative accounts. While the impact is limited to service interruption, an attacker who can persist the denial could disrupt critical workflows."}}}}, "created": "2026-04-16T19:30:35.695547+00:00", "title": "Improper Check Enables Denial of Service in Dell PowerScale OneFS", "updated": "2026-04-17T03:00:08.454917+00:00", "vendors": ["dell", "dell$PRODUCT$powerscale_onefs"]}