{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-43935", "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "state": "PUBLISHED", "assignerShortName": "dell", "dateReserved": "2025-04-20T05:04:01.414Z", "datePublished": "2026-04-16T17:59:04.315Z", "dateUpdated": "2026-04-16T19:38:28.840Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell", "dateUpdated": "2026-04-16T17:59:04.315Z"}, "datePublic": "2025-10-01T17:00:00.000Z", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-404", "description": "CWE-404: Improper Resource Shutdown or Release", "type": "CWE"}]}], "affected": [{"vendor": "Dell", "product": "PowerScale OneFS", "versions": [{"status": "affected", "version": "9.5.0.0", "lessThan": "9.10.1.3", "versionType": "semver"}, {"status": "affected", "version": "0", "lessThan": "9.12.0.0", "versionType": "semver"}, {"status": "affected", "version": "9.7.0.0", "lessThan": "9.7.1.10", "versionType": "semver"}, {"status": "affected", "version": "9.5.0.0", "lessThan": "9.5.1.5", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an improper resource shutdown or release vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to denial of service.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an improper resource shutdown or release vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to denial of service."}]}], "references": [{"url": "https://www.dell.com/support/kbdoc/en-us/000376214/dsa-2025-347-security-update-for-dell-powerscale-onefs-multiple-vulnerabilities", "tags": ["vendor-advisory"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseSeverity": "MEDIUM", "baseScore": 4.4, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"}}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.1"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-16T19:38:11.063306Z", "id": "CVE-2025-43935", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-16T19:38:28.840Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-43935", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-16T19:38:11.063306Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-16T19:38:23.611Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.4, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Dell", "product": "PowerScale OneFS", "versions": [{"status": "affected", "version": "9.5.0.0", "lessThan": "9.10.1.3", "versionType": "semver"}, {"status": "affected", "version": "0", "lessThan": "9.12.0.0", "versionType": "semver"}, {"status": "affected", "version": "9.7.0.0", "lessThan": "9.7.1.10", "versionType": "semver"}, {"status": "affected", "version": "9.5.0.0", "lessThan": "9.5.1.5", "versionType": "semver"}], "defaultStatus": "unaffected"}], "datePublic": "2025-10-01T17:00:00.000Z", "references": [{"url": "https://www.dell.com/support/kbdoc/en-us/000376214/dsa-2025-347-security-update-for-dell-powerscale-onefs-multiple-vulnerabilities", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 1.0.1"}, "descriptions": [{"lang": "en", "value": "Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an improper resource shutdown or release vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to denial of service.", "supportingMedia": [{"type": "text/html", "value": "Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an improper resource shutdown or release vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to denial of service.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-404", "description": "CWE-404: Improper Resource Shutdown or Release"}]}], "providerMetadata": {"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell", "dateUpdated": "2026-04-16T17:59:04.315Z"}}}, "cveMetadata": {"cveId": "CVE-2025-43935", "state": "PUBLISHED", "dateUpdated": "2026-04-16T19:38:28.840Z", "dateReserved": "2025-04-20T05:04:01.414Z", "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "datePublished": "2026-04-16T17:59:04.315Z", "assignerShortName": "dell"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dell:powerscale_onefs:*:*:*:*:*:*:*:*", "matchCriteriaId": "E2CB3CCA-1CD2-413A-A9D1-4C89267D6DA3", "versionEndExcluding": "9.5.1.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:dell:powerscale_onefs:*:*:*:*:*:*:*:*", "matchCriteriaId": "78A9B66B-77E0-475D-ACF7-668364C4821F", "versionEndExcluding": "9.7.1.10", "versionStartIncluding": "9.6.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:dell:powerscale_onefs:*:*:*:*:*:*:*:*", "matchCriteriaId": "34F73334-874F-4D04-A0F1-BA9A5C505BAB", "versionEndExcluding": "9.10.1.3", "versionStartIncluding": "9.8.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:dell:powerscale_onefs:*:*:*:*:*:*:*:*", "matchCriteriaId": "E943ABD7-89C5-4B3C-A6F5-60CF6AF1A121", "versionEndExcluding": "9.12.0.0", "versionStartIncluding": "9.11.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an improper resource shutdown or release vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to denial of service."}], "id": "CVE-2025-43935", "lastModified": "2026-04-21T14:32:45.013", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 3.6, "source": "security_alert@emc.com", "type": "Secondary"}]}, "published": "2026-04-16T19:16:32.610", "references": [{"source": "security_alert@emc.com", "tags": ["Vendor Advisory"], "url": "https://www.dell.com/support/kbdoc/en-us/000376214/dsa-2025-347-security-update-for-dell-powerscale-onefs-multiple-vulnerabilities"}], "sourceIdentifier": "security_alert@emc.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-404"}], "source": "security_alert@emc.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[9.5.0.0,9.10.1.3)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,9.12.0.0)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[9.7.0.0,9.7.1.10)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[9.5.0.0,9.5.1.5)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "PowerScale OneFS", "source": "cna", "vendor": "Dell"}, "product": "powerscale_onefs", "vendor": "dell"}], "analysis": {"en": {"generated_at": "2026-04-17T02:53:37.088424+00:00", "value": {"mitigation_remediation": ["Apply the Dell Security Update DSA-2025-347 for OneFS to version 9.12.0.0 or later.", "Restrict local administrative privileges and audit accounts with high access levels to mitigate further exploitation.", "If immediate patching is not possible, isolate the affected appliance from critical workloads and monitor for abnormal shutdown or reboot events."], "summary": {"action": "Patch Now", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "Dell PowerScale OneFS running any release before version 9.12.0.0 is susceptible. Systems that have not applied the Dell Security Update for 9.12.0.0 or newer are at risk.", "description_and_impact": "Dell PowerScale OneFS prior to version 9.12.0.0 has an improper resource shutdown or release flaw that can be triggered by an attacker who has local high privileged access. If exploited, the system may terminate critical processes or services, causing the storage appliance or its managed workloads to become unavailable. The error is a direct result of resource mismanagement and classifies as improper resource shutdown weakness.", "risk_and_exploitability": "The vulnerability scores a CVSS of 4.4, indicating moderate severity. No EPSS data is currently available, and the issue is not listed in the CISA KEV catalog. Attack requires local access with high privileges, so the threat surface is limited to physically or remotely compromised administrators. If the attacker can reach the target machine, the denial of service effect could persist until the system is rebooted or the patch applied."}}}}, "created": "2026-04-16T20:00:05.497200+00:00", "title": "Improper Resource Release Causing Denial of Service in Dell PowerScale OneFS", "updated": "2026-04-17T03:00:08.446864+00:00", "vendors": ["dell", "dell$PRODUCT$powerscale_onefs"]}