CVE-2026-25907

Dell PowerScale OneFS, version 9.13.0.0, contains an overly restrictive account lockout mechanism vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to denial of service.

CVSS v3 5.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://www.dell.com/support/kbdoc/en-sg/000434591/dsa-2026-095-security-update-for-dell-powerscale-onefs-overly-restrictive-account-lockout-mechanism-vulnerability	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:o:dell:powerscale_onefs:9.13.0.0:*:*:*:*:*:*:*

History

No history.

Information

Published : 2026-03-04 13:15

Updated : 2026-03-04 20:45

NVD link : CVE-2026-25907

Mitre link : CVE-2026-25907

CVE.ORG link : CVE-2026-25907

JSON object : View

Products Affected

dell

powerscale_onefs

CWE

CWE-645

Overly Restrictive Account Lockout Mechanism

{"id": "CVE-2026-25907", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security_alert@emc.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 3.9}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2026-03-04T13:15:58.470", "references": [{"url": "https://www.dell.com/support/kbdoc/en-sg/000434591/dsa-2026-095-security-update-for-dell-powerscale-onefs-overly-restrictive-account-lockout-mechanism-vulnerability", "tags": ["Vendor Advisory"], "source": "security_alert@emc.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security_alert@emc.com", "description": [{"lang": "en", "value": "CWE-645"}]}], "descriptions": [{"lang": "en", "value": "Dell PowerScale OneFS, version 9.13.0.0, contains an overly restrictive account lockout mechanism vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to denial of service."}, {"lang": "es", "value": "Dell PowerScale OneFS, versi\u00f3n 9.13.0.0, contiene una vulnerabilidad en el mecanismo de bloqueo de cuentas excesivamente restrictivo. Un atacante no autenticado con acceso remoto podr\u00eda potencialmente explotar esta vulnerabilidad, lo que llevar\u00eda a una denegaci\u00f3n de servicio."}], "lastModified": "2026-03-04T20:45:09.673", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:dell:powerscale_onefs:9.13.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "387E2E26-BEB0-469E-A9EA-BF72473A0B2A"}], "operator": "OR"}]}], "sourceIdentifier": "security_alert@emc.com"}