Two severe security vulnerabilities have been disclosed in Dell PowerScale OneFS, posing major risks to enterprise storage systems. The most critical issue, tracked as CVE-2024-53298, impacts OneFS versions 9.5.0.0 through 9.10.0.1 and carries a CVSS score of high, signifying an extremely high risk to organizational data. This flaw stems from a missing authorization check in the Network File System (NFS) export feature, enabling unauthenticated remote attackers to bypass security controls and gain complete access to the filesystem. As PowerScale systems are typically used for storing mission-critical data, successful exploitation could allow threat actors to read, modify, or delete files without any authentication.

The technical breakdown of CVE-2024-53298 highlights its danger: it requires no privileges or user interaction, is exploitable over a network, and has a low complexity threshold, making it ideal for remote attacks. The vulnerability affects the NFS protocol, widely used in enterprise environments, and essentially converts the storage system into an open-access file repository. This introduces a significant breach in confidentiality, integrity, and availability of enterprise data, with potential consequences including exposure of sensitive documents, sabotage of configurations, and data destruction.

Accompanying the critical flaw is a secondary vulnerability, CVE-2025-32753, rated at CVSS medium. This is a local SQL injection vulnerability that affects the same OneFS versions. Although less severe on its own, it could be used by a low-privileged attacker with local access to perform malicious actions such as injecting harmful SQL commands, potentially leading to data tampering, unauthorized data access, or denial-of-service attacks. In a chained attack scenario, a threat actor exploiting CVE-2024-53298 for initial access could leverage CVE-2025-32753 to escalate privileges and compromise the entire system, escalating the overall risk profile significantly.

In response, Dell Technologies strongly urges all customers running the affected versions to immediately upgrade to patched releases. As a temporary mitigation, organizations should restrict NFS access via firewall rules or network access controls. Additionally, security teams should conduct urgent forensic audits of PowerScale systems to detect any signs of unauthorized access. The dual nature of these vulnerabilities, remote access coupled with local privilege escalation, creates a dangerously broad attack surface. Rapid remediation is critical not only for protecting sensitive data but also for ensuring compliance with industry regulations and maintaining trust in enterprise storage infrastructure.