Dell PowerScale OneFS exposes sensitive user credentials in logs

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

6.6

Dell PowerScale OneFS exposes sensitive user credentials in logs

CVE-2025-43937

Summary

Dell PowerScale OneFS versions prior to 9.12.0.0 store user credentials in log files, which can be accessed by a low-privileged attacker with local access. This could allow an attacker to steal user credentials and potentially gain access to the system with the same privileges. Update to version 9.12.0.0 or later to fix this issue.

Original title

Original description

Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an insertion of sensitive information into log file vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account.

nvd CVSS3.1 6.6

Vulnerability type

CWE-532 Insertion of Sensitive Information into Log File

https://www.dell.com/support/kbdoc/en-us/000376214/dsa-2025-347-security-update-...

Published: 16 Apr 2026 · Updated: 17 Apr 2026 · First seen: 16 Apr 2026