Security Vulnerability Report
CVE-2025-43723 CVSS 5.9 MEDIUM

CVE-2025-43723

Published: 2025-11-10 19:15:57
Last Modified: 2026-02-20 18:38:47

Description

Dell PowerScale OneFS, versions prior to 9.10.1.3 and versions 9.11.0.0 through 9.12.0.0, contains a use of a broken or risky cryptographic algorithm vulnerability (CWE-327). An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to information disclosure. Neither this description nor the CVSS data identifies the affected algorithm or protocol; Dell advisory DSA-2025-381 (see References) is the authoritative source for the remediation releases.

CVSS Details

CVSS Score
5.9 (Dell, CNA assessment); 7.5 (NVD assessment)
Severity
MEDIUM (Dell); HIGH (NVD)
CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N (Dell)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N (NVD)
The two assessments differ only in Attack Complexity: Dell rates it High, NVD rates it Low. Both agree on network access, no privileges, no user interaction, unchanged scope, and a high confidentiality impact with no integrity or availability impact, which matches an information-disclosure flaw caused by weak cryptography. Prioritization tools that read the NVD primary score will show this CVE as HIGH, not the MEDIUM shown in the page header.

Configurations (Affected Products)

cpe:2.3:a:dell:powerscale_onefs:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:o:dell:powerscale_onefs:*:*:*:*:*:*:*:* - VULNERABLE
Dell PowerScale OneFS, all versions prior to 9.10.1.3 (fixed in 9.10.1.3)
Dell PowerScale OneFS 9.11.0.0
Dell PowerScale OneFS 9.11.1.0
Dell PowerScale OneFS 9.12.0.0
Note: the NVD CPE match for the second range is versionStartIncluding 9.11.0.0 and versionEndExcluding 9.12.0.0, while the vendor description says "9.11.0.0 through 9.12.0.0". Treat 9.12.0.0 as affected until DSA-2025-381 confirms otherwise; automated CPE matching alone will miss it.

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# CVE-2025-43723 PoC - Dell PowerScale OneFS cryptographic algorithm vulnerability check
# Note: This is a conceptual PoC for vulnerability detection, not an exploit.
# Actual exploitation requires identifying the specific cryptographic weakness,
# which the public description (CWE-327, information disclosure) does not name.
import json
import re
import socket
import ssl
import sys
from urllib.parse import urljoin, urlparse

import requests
import urllib3

# Certificate validation is skipped on purpose: OneFS clusters commonly run
# self-signed management certificates. Silence the resulting warning.
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)

# Affected ranges from the advisory: everything below 9.10.1.3, and
# 9.11.0.0 through 9.12.0.0 inclusive.
AFFECTED_BEFORE = (9, 10, 1, 3)
AFFECTED_RANGE = ((9, 11, 0, 0), (9, 12, 0, 0))

# OneFS release strings look like "9.10.1.2" or "v9.10.1.2"; this pattern
# pulls the first such dotted quad out of any JSON document.
VERSION_RE = re.compile(r'\b(\d+\.\d+\.\d+\.\d+)\b')


def parse_version(text):
    """Turn '9.10.1.2' (or 'v9.10.1.2') into a 4-tuple of ints, zero-padded."""
    numbers = [int(n) for n in re.findall(r'\d+', text)[:4]]
    return tuple(numbers + [0] * (4 - len(numbers)))


def is_affected_version(version_text):
    """Apply the advisory's version ranges to a OneFS version string."""
    if not re.search(r'\d', version_text or ''):
        return False
    v = parse_version(version_text)
    return v < AFFECTED_BEFORE or AFFECTED_RANGE[0] <= v <= AFFECTED_RANGE[1]


def check_cve_2025_43723(target_url):
    """
    Check for CVE-2025-43723 in Dell PowerScale OneFS.

    Two passive checks: read the cluster version from the candidate PAPI
    endpoints (these normally require authentication, so an anonymous probe
    usually gets HTTP 401), and record the TLS protocol and cipher suite the
    management interface negotiates.
    """
    results = {
        'cve_id': 'CVE-2025-43723',
        'target': target_url,
        'vulnerable': False,
        'details': [],
    }

    # Candidate version endpoints (authentication is normally required).
    version_endpoints = [
        '/platform/1/cluster/node/version',
        '/platform/3/cluster/config',
        '/api/v1.0/cluster/node/version',
    ]
    for endpoint in version_endpoints:
        url = urljoin(target_url, endpoint)
        try:
            response = requests.get(url, timeout=10, verify=False)
        except requests.exceptions.RequestException as e:
            results['details'].append(f"Error accessing {endpoint}: {e}")
            continue
        if response.status_code != 200:
            results['details'].append(f"{endpoint}: HTTP {response.status_code}")
            continue
        try:
            version_data = response.json()
        except ValueError:
            results['details'].append(f"{endpoint}: non-JSON response")
            continue
        results['details'].append(f"Found version endpoint: {endpoint}")
        results['details'].append(f"Response: {json.dumps(version_data, indent=2)}")
        # Compare the reported release against the affected ranges.
        match = VERSION_RE.search(json.dumps(version_data))
        if match and is_affected_version(match.group(1)):
            results['vulnerable'] = True
            results['details'].append(f"Version {match.group(1)} is in the affected ranges")

    # Record the negotiated TLS protocol and cipher suite. CWE-327 is about
    # broken or risky algorithms, so a legacy protocol or cipher here is a
    # lead to investigate, not proof of this CVE: the advisory does not say
    # which algorithm is at fault.
    parsed = urlparse(target_url)
    host, port = parsed.hostname, parsed.port or 443
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        # Offer legacy versions too, so a server that still accepts them shows it.
        ctx.minimum_version = ssl.TLSVersion.TLSv1
    except (ValueError, ssl.SSLError):
        pass  # OpenSSL built without legacy protocol support
    try:
        with socket.create_connection((host, port), timeout=10) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                protocol = tls.version()
                cipher_name, _, bits = tls.cipher()
                results['details'].append(
                    f"Negotiated {protocol}, cipher {cipher_name} ({bits}-bit)")
                if protocol in ('SSLv3', 'TLSv1', 'TLSv1.1'):
                    results['details'].append(
                        "Legacy TLS protocol accepted - review the cipher configuration")
    except (OSError, ssl.SSLError) as e:
        results['details'].append(f"TLS check error: {e}")

    return results


def main():
    if len(sys.argv) > 1:
        target = sys.argv[1].strip()
    else:
        target = input("Enter target URL (e.g., https://192.168.1.100): ").strip()
    if not target.startswith('http'):
        target = f"https://{target}"
    print(f"\n[*] Scanning for CVE-2025-43723 on {target}")
    print("=" * 60)
    results = check_cve_2025_43723(target)
    print("\n[+] Results:")
    print(json.dumps(results, indent=2))
    print("\n[!] Note: This is a detection PoC only.")
    print("[!] For full vulnerability assessment, analyze the cryptographic implementation.")
    print("[!] Recommended: upgrade to OneFS 9.10.1.3, or past 9.12.0.0 as directed in DSA-2025-381.")


if __name__ == '__main__':
    main()

# References:
# - Dell DSA-2025-381: https://www.dell.com/support/kbdoc/en-us/000390206/
# - Affected versions: < 9.10.1.3, 9.11.0.0 - 9.12.0.0

References

Dell DSA-2025-381, Security Update for Dell PowerScale OneFS Multiple Vulnerabilities (Vendor Advisory): https://www.dell.com/support/kbdoc/en-us/000390206/dsa-2025-381-security-update-for-dell-powerscale-onefs-multiple-vulnerabilities

Raw JSON Data

JSON
{
  "cve": {
    "id": "CVE-2025-43723",
    "sourceIdentifier": "security_alert@emc.com",
    "published": "2025-11-10T19:15:56.880",
    "lastModified": "2026-02-20T18:38:47.087",
    "vulnStatus": "Analyzed",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "Dell PowerScale OneFS, versions prior to 9.10.1.3 and versions 9.11.0.0 through 9.12.0.0, contains a use of a broken or risky cryptographic algorithm vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "security_alert@emc.com",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "attackVector": "NETWORK",
            "attackComplexity": "HIGH",
            "privilegesRequired": "NONE",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "availabilityImpact": "NONE"
          },
          "exploitabilityScore": 2.2,
          "impactScore": 3.6
        },
        {
          "source": "nvd@nist.gov",
          "type": "Primary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "NONE",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "availabilityImpact": "NONE"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      ]
    },
    "weaknesses": [
      {
        "source": "security_alert@emc.com",
        "type": "Secondary",
        "description": [
          {
            "lang": "en",
            "value": "CWE-327"
          }
        ]
      }
    ],
    "configurations": [
      {
        "nodes": [
          {
            "operator": "OR",
            "negate": false,
            "cpeMatch": [
              {
                "vulnerable": true,
                "criteria": "cpe:2.3:a:dell:powerscale_onefs:*:*:*:*:*:*:*:*",
                "versionEndExcluding": "9.10.1.3",
                "matchCriteriaId": "7DFB4FC4-16D5-442B-A56D-D0F5701037CF"
              },
              {
                "vulnerable": true,
                "criteria": "cpe:2.3:o:dell:powerscale_onefs:*:*:*:*:*:*:*:*",
                "versionStartIncluding": "9.11.0.0",
                "versionEndExcluding": "9.12.0.0",
                "matchCriteriaId": "E943ABD7-89C5-4B3C-A6F5-60CF6AF1A121"
              }
            ]
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://www.dell.com/support/kbdoc/en-us/000390206/dsa-2025-381-security-update-for-dell-powerscale-onefs-multiple-vulnerabilities",
        "source": "security_alert@emc.com",
        "tags": [
          "Vendor Advisory"
        ]
      }
    ]
  }
}