{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-43937", "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "state": "PUBLISHED", "assignerShortName": "dell", "dateReserved": "2025-04-20T05:04:01.415Z", "datePublished": "2026-04-16T18:03:08.750Z", "dateUpdated": "2026-04-16T18:51:41.562Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell", "dateUpdated": "2026-04-16T18:03:08.750Z"}, "datePublic": "2025-10-01T17:00:00.000Z", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-532", "description": "CWE-532: Insertion of Sensitive Information into Log File", "type": "CWE"}]}], "affected": [{"vendor": "Dell", "product": "PowerScale OneFS", "versions": [{"status": "affected", "version": "9.5.0.0", "lessThan": "9.10.1.3", "versionType": "semver"}, {"status": "affected", "version": "0", "lessThan": "9.12.0.0", "versionType": "semver"}, {"status": "affected", "version": "9.7.0.0", "lessThan": "9.7.1.9", "versionType": "semver"}, {"status": "affected", "version": "9.5.0.0", "lessThan": "9.5.1.5", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an insertion of sensitive information into log file vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an insertion of sensitive information into log file vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account."}]}], "references": [{"url": "https://www.dell.com/support/kbdoc/en-us/000376214/dsa-2025-347-security-update-for-dell-powerscale-onefs-multiple-vulnerabilities", "tags": ["vendor-advisory"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseSeverity": "MEDIUM", "baseScore": 6.6, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H"}}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.1"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-16T18:51:17.818973Z", "id": "CVE-2025-43937", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-16T18:51:41.562Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-43937", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-16T18:51:17.818973Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-16T18:51:21.123Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.6, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Dell", "product": "PowerScale OneFS", "versions": [{"status": "affected", "version": "9.5.0.0", "lessThan": "9.10.1.3", "versionType": "semver"}, {"status": "affected", "version": "0", "lessThan": "9.12.0.0", "versionType": "semver"}, {"status": "affected", "version": "9.7.0.0", "lessThan": "9.7.1.9", "versionType": "semver"}, {"status": "affected", "version": "9.5.0.0", "lessThan": "9.5.1.5", "versionType": "semver"}], "defaultStatus": "unaffected"}], "datePublic": "2025-10-01T17:00:00.000Z", "references": [{"url": "https://www.dell.com/support/kbdoc/en-us/000376214/dsa-2025-347-security-update-for-dell-powerscale-onefs-multiple-vulnerabilities", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 1.0.1"}, "descriptions": [{"lang": "en", "value": "Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an insertion of sensitive information into log file vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account.", "supportingMedia": [{"type": "text/html", "value": "Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an insertion of sensitive information into log file vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-532", "description": "CWE-532: Insertion of Sensitive Information into Log File"}]}], "providerMetadata": {"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell", "dateUpdated": "2026-04-16T18:03:08.750Z"}}}, "cveMetadata": {"cveId": "CVE-2025-43937", "state": "PUBLISHED", "dateUpdated": "2026-04-16T18:51:41.562Z", "dateReserved": "2025-04-20T05:04:01.415Z", "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "datePublished": "2026-04-16T18:03:08.750Z", "assignerShortName": "dell"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dell:powerscale_onefs:*:*:*:*:*:*:*:*", "matchCriteriaId": "E2CB3CCA-1CD2-413A-A9D1-4C89267D6DA3", "versionEndExcluding": "9.5.1.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:dell:powerscale_onefs:*:*:*:*:*:*:*:*", "matchCriteriaId": "78A9B66B-77E0-475D-ACF7-668364C4821F", "versionEndExcluding": "9.7.1.10", "versionStartIncluding": "9.6.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:dell:powerscale_onefs:*:*:*:*:*:*:*:*", "matchCriteriaId": "34F73334-874F-4D04-A0F1-BA9A5C505BAB", "versionEndExcluding": "9.10.1.3", "versionStartIncluding": "9.8.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:dell:powerscale_onefs:*:*:*:*:*:*:*:*", "matchCriteriaId": "E943ABD7-89C5-4B3C-A6F5-60CF6AF1A121", "versionEndExcluding": "9.12.0.0", "versionStartIncluding": "9.11.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an insertion of sensitive information into log file vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account."}], "id": "CVE-2025-43937", "lastModified": "2026-04-21T14:33:40.430", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.3, "impactScore": 5.2, "source": "security_alert@emc.com", "type": "Secondary"}]}, "published": "2026-04-16T19:16:32.750", "references": [{"source": "security_alert@emc.com", "tags": ["Vendor Advisory"], "url": "https://www.dell.com/support/kbdoc/en-us/000376214/dsa-2025-347-security-update-for-dell-powerscale-onefs-multiple-vulnerabilities"}], "sourceIdentifier": "security_alert@emc.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-532"}], "source": "security_alert@emc.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[9.5.0.0,9.10.1.3)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,9.12.0.0)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[9.7.0.0,9.7.1.9)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[9.5.0.0,9.5.1.5)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "PowerScale OneFS", "source": "cna", "vendor": "Dell"}, "product": "powerscale_onefs", "vendor": "dell"}], "analysis": {"en": {"generated_at": "2026-04-17T03:22:03.278925+00:00", "value": {"mitigation_remediation": ["Install Dell PowerScale OneFS security update DSA\u20112025\u2011347 or upgrade to version 9.12.0.0 or later", "Limit local user privileges so that only trusted administrators have access to components that log credentials", "Implement log monitoring to detect unexpected credential entries and review logs regularly for suspicious activity"], "summary": {"action": "Apply Patch", "impact": "Sensitive data disclosure via log injection"}, "threat_synthesis": {"affected_systems": "All Dell PowerScale OneFS installations running versions earlier than 9.12.0.0 are affected.", "description_and_impact": "A low\u2011privileged attacker with local access can insert sensitive information into log files on Dell PowerScale OneFS. The injected data can expose user credentials, allowing the attacker to log into the application using the compromised account\u2019s privileges.", "risk_and_exploitability": "The vulnerability scores a 6.6 on the CVSS v3 scale, indicating medium severity. No EPSS score is available and the exposure is not listed in the CISA KEV catalog. The attack vector is local and requires a user with low privileges on the affected system. Once credentials are leaked, the attacker can elevate access within the application context."}}}}, "created": "2026-04-16T19:30:35.695183+00:00", "title": "Log File Sensitive Information Injection in Dell PowerScale OneFS", "updated": "2026-04-17T03:30:08.588885+00:00", "vendors": ["dell", "dell$PRODUCT$powerscale_onefs"]}