

Severity
High
Analysis Summary
Dell Technologies has issued a critical security advisory for PowerScale OneFS, warning of multiple severe vulnerabilities that threaten enterprise storage environments. The most critical of these, CVE-2025-27690, affects PowerScale OneFS versions 9.5.0.0 through 9.10.1.0. This vulnerability stems from the use of default passwords, which allows unauthenticated, remote attackers to take over high-privileged user accounts without requiring any user interaction or elevated privileges.
In addition to CVE-2025-27690, Dell's advisory highlights several other vulnerabilities affecting different versions of PowerScale OneFS. CVE-2025-26330, with a CVSS score of 7.0, is an authorization flaw affecting versions 9.4.0.0 through 9.10.0.1 that allows a local attacker to act with the privileges of a disabled user account, which could lead to unauthorized data access or manipulation. CVE-2025-22471 is an integer overflow vulnerability and CVE-2025-26480 stems from uncontrolled resource consumption; both can lead to denial-of-service (DoS) conditions that degrade system performance or availability.
The vulnerabilities collectively expose multiple attack vectors within Dell’s PowerScale OneFS storage systems. The most dangerous scenario involves a remote attacker targeting exposed management interfaces, exploiting CVE-2025-27690, and gaining system-level control over storage infrastructure. This compromises not only data confidentiality and availability but also the operational stability of enterprise environments. Security experts have warned that unpatched systems are at high risk, especially given the lack of required authentication or user interaction in the exploitation chain.
To mitigate these risks, Dell urges customers to immediately upgrade to version 9.10.1.1 or later, which addresses all identified vulnerabilities. For environments where immediate updates aren't feasible, Dell provides workarounds, including adding affected accounts to the "Users who cannot be modified" list, resetting passwords, and disabling the WebUI and API via CLI. Organizations are also advised to implement firewall rules to restrict access to management interfaces and consider adopting Dell’s Long-Term Support (LTS) 2025 version (9.10.1.x) for enhanced stability and security. Prioritizing patches based on CVSS scores and organizational impact is strongly recommended.
Impact
- Unauthorized Access
- Denial of Service
- Privilege Escalation
Indicators of Compromise
CVE
CVE-2025-27690
CVE-2025-26330
CVE-2025-22471
CVE-2025-26480
Affected Vendors
- Dell
Affected Products
- Dell PowerScale OneFS 9.5.0.0, 9.6.0.0, 9.8.0.0, 9.9.0.0, 9.10.0.0
Remediation
- Refer to the Dell Security Advisory for patch, upgrade, or suggested workaround information.
- Add affected accounts to the “Users who cannot be modified” list using the appropriate CLI command.
- Set or reset passwords for users who are not blocked from modification in the System zone file provider.
- Disable the WebUI and API through the command-line interface (CLI) to prevent remote exploitation.
- Implement firewall rules to restrict access to the API and WebUI, allowing connections only from trusted networks.
- Upgrade to the Long-Term Support (LTS) 2025 version – specifically the 9.10.1.x code line – and keep up with its latest maintenance releases.
- Prioritize patching based on CVSS scores, business criticality, and environment-specific factors such as exposure and system role.
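The version ranges quoted in the Analysis Summary and the prioritization guidance above can be turned into a repeatable triage check. The following script is an added example written for this advisory, not Dell tooling; it encodes only the ranges the advisory states (CVE-2025-27690: 9.5.0.0 through 9.10.1.0; CVE-2025-26330: 9.4.0.0 through 9.10.0.1; fixed release 9.10.1.1), leaves out the two DoS CVEs because the advisory text gives no version range for them, and runs over a constructed inventory. The cluster names, the `mgmt_reachable_from_untrusted` flag and the severity labels are assumptions for illustration. One practical point it demonstrates: OneFS versions must be compared as integer tuples, since as strings "9.10.0.1" sorts before "9.9.0.0" and a 9.10.x cluster would be wrongly reported as patched.

```python
"""Triage PowerScale OneFS clusters against the version ranges in this advisory.

Added example, not Dell tooling. Version ranges and the fixed release are taken
from the advisory text; the inventory at the bottom is constructed.
"""

FIXED_RELEASE = "9.10.1.1"  # advisory: upgrade to 9.10.1.1 or later

# (CVE, first affected, last affected, severity label used here, short note)
# Severity labels are an assumption for ranking: the advisory calls 27690 the
# most critical issue and gives 26330 a CVSS score of 7.0 (high).
ADVISORY = [
    ("CVE-2025-27690", "9.5.0.0", "9.10.1.0", "critical",
     "default passwords; remote, unauthenticated account takeover"),
    ("CVE-2025-26330", "9.4.0.0", "9.10.0.1", "high",
     "authorization flaw; local access via disabled accounts"),
]

RANK = {"critical": 0, "high": 1}  # lower number = more urgent


def parse_version(text):
    """Turn '9.10.0.1' into (9, 10, 0, 1) so comparisons are numeric.

    As strings, '9.10.0.1' < '9.9.0.0', which would mark a 9.10.x cluster as
    already patched; tuples of ints compare field by field instead.
    """
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a OneFS version: {text!r}")
    return tuple(int(p) for p in parts)


def applicable_cves(version):
    """Return [(cve, severity, note)] for every advisory range containing version."""
    v = parse_version(version)
    return [(cve, sev, note) for cve, first, last, sev, note in ADVISORY
            if parse_version(first) <= v <= parse_version(last)]


def needs_upgrade(version):
    """True when the cluster runs anything older than the fixed release."""
    return parse_version(version) < parse_version(FIXED_RELEASE)


def triage(inventory):
    """Order affected clusters by urgency.

    Sort key: worst applicable severity first, then clusters whose WebUI/API is
    reachable from an untrusted network (the remote, unauthenticated path for
    CVE-2025-27690) before isolated ones, then by name for stable output.
    """
    rows = []
    for name, version, mgmt_reachable_from_untrusted in inventory:
        cves = applicable_cves(version)
        if not cves:
            continue
        remote_path = any(c == "CVE-2025-27690" for c, _, _ in cves)
        rows.append({
            "cluster": name,
            "version": version,
            "cves": [c for c, _, _ in cves],
            "worst": min(RANK[sev] for _, sev, _ in cves),
            "remote_exposed": bool(mgmt_reachable_from_untrusted and remote_path),
            "upgrade_to": FIXED_RELEASE if needs_upgrade(version) else None,
        })
    rows.sort(key=lambda r: (r["worst"], not r["remote_exposed"], r["cluster"]))
    return rows


# Constructed inventory (assumed names and exposure flags):
# (cluster name, OneFS version, WebUI/API reachable from an untrusted network?)
INVENTORY = [
    ("isilon-lab", "9.4.0.0", False),
    ("isilon-prod-a", "9.10.0.1", True),
    ("isilon-prod-b", "9.10.1.0", False),
    ("isilon-new", "9.10.1.1", True),
]

if __name__ == "__main__":
    for r in triage(INVENTORY):
        exposure = "REMOTE-EXPOSED" if r["remote_exposed"] else "local/isolated"
        print(f"{r['cluster']:14} {r['version']:9} {exposure:15} "
              f"{', '.join(r['cves'])} -> upgrade to {r['upgrade_to']}")
```

Run against the constructed inventory, the output lists isilon-prod-a first (9.10.0.1, both CVEs, management interface reachable from an untrusted network), then isilon-prod-b (9.10.1.0, CVE-2025-27690 only), then isilon-lab (9.4.0.0, only the local CVE-2025-26330); isilon-new on 9.10.1.1 is not listed. Replace INVENTORY with the output of your own asset inventory and, for clusters flagged REMOTE-EXPOSED, apply the WebUI/API restriction and firewall workarounds above until the upgrade is scheduled.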