Critical Dell PowerStore T Vulnerability Allows Full System Compromise

As part of its ongoing commitment to product security, Dell Technologies has released a significant update for the PowerStore T family, remediating a series of vulnerabilities that could be exploited by malicious actors to compromise affected systems.

The update is detailed in advisory DSA-2025-223, which is rated as high impact and urges immediate attention from all PowerStore T customers.

Multiple Vulnerabilities: Technical Overview

The security update addresses both third-party and proprietary vulnerabilities within the PowerStore T ecosystem.

Notably, the most critical proprietary issue, tracked as CVE-2025-36572, involves the use of hard-coded credentials within the PowerStore image file.

This vulnerability enables a low-privileged attacker with remote access and knowledge of these credentials to gain unauthorized access, potentially exposing sensitive system resources.

Technical Details:

  • CVE-2025-36572: Use of Hard-coded Credentials
    • CVSS Base Score: 6.5
    • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
    • Description: Allows remote attackers to access the system with hardcoded account privileges, bypassing standard authentication controls.

In addition to proprietary vulnerabilities, the update remediates a wide range of third-party component CVEs impacting packages such as bind-utils, glib2, kernel, libsoup, libtasn1, libxml2, OpenSSL, rsync, and xen.

These vulnerabilities range from privilege escalation and information disclosure to denial of service and remote code execution.

Example CVE Table

| Component | CVEs Addressed | Severity/Impact |
| --- | --- | --- |
| kernel | CVE-2021-47589, CVE-2024-49991, CVE-2022-49023, … (full list in advisory) | High (varied impacts) |
| OpenSSL | CVE-2024-13176 | High (potential RCE) |
| rsync | CVE-2024-12085, CVE-2024-12087, CVE-2024-12747, CVE-2024-12088, CVE-2024-12086 | Medium to High |
| libsoup | CVE-2024-52530, CVE-2024-52532, CVE-2024-52531 | Medium |
| Proprietary | CVE-2025-36572 | High (unauthorized access) |

The vulnerabilities, particularly CVE-2025-36572, pose a significant risk as they could allow attackers to bypass authentication and escalate privileges within the environment.

Dell rates the overall impact as high, emphasizing that exploitation could lead to unauthorized access, data exposure, and potential disruption of storage operations.

Dell strongly recommends all customers promptly update their PowerStore T systems to the latest remediated version to mitigate these risks.

The following PowerStore T models and versions are affected and require immediate updates:

| Product | Affected Versions | Remediated Version |
| --- | --- | --- |
| PowerStore 500T | < 4.0.1.3-2494147 | 4.0.1.3-2494147 or later |
| PowerStore 1000T | < 4.0.1.3-2494147 | 4.0.1.3-2494147 or later |
| PowerStore 1200T | < 4.0.1.3-2494147 | 4.0.1.3-2494147 or later |
| PowerStore 3000T | < 4.0.1.3-2494147 | 4.0.1.3-2494147 or later |
| PowerStore 3200Q | < 4.0.1.3-2494147 | 4.0.1.3-2494147 or later |
| PowerStore 3200T | < 4.0.1.3-2494147 | 4.0.1.3-2494147 or later |
| PowerStore 5000T | < 4.0.1.3-2494147 | 4.0.1.3-2494147 or later |
| PowerStore 5200T | < 4.0.1.3-2494147 | 4.0.1.3-2494147 or later |
| PowerStore 7000T | < 4.0.1.3-2494147 | 4.0.1.3-2494147 or later |
| PowerStore 9000T | < 4.0.1.3-2494147 | 4.0.1.3-2494147 or later |
| PowerStore 9200T | < 4.0.1.3-2494147 | 4.0.1.3-2494147 or later |

Remediation Steps:

  • Download and install the latest firmware (version 4.0.1.3-2494147 or later) for your specific PowerStore T model from Dell’s official support portal.
  • Review Dell’s security advisory and apply any additional recommended mitigations.

Initial Release: May 27, 2025

Dell advises all customers to assess the applicability of this advisory to their environments and take appropriate action.

The information is provided “as is” without warranty, and Dell disclaims liability for any damages arising from its use.

For further details, consult Dell’s official security advisories and vulnerability response policies.
