CVE-2025-0052 - Vulnerability Details - OpenCVE

Improper input validation performed during the authentication process of FlashBlade could lead to a system Denial of Service.

Attack Vector Network

Attack Complexity High

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

No data.

No data.

No data.

References

Link	Providers
https://support.purestorage.com/bundle/m_security_bulletins/page/Pure_Security/topics/concept/c_security_bulletins.html

History

Sat, 12 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.00078}`	epss `{'score': 0.00085}`

Wed, 11 Jun 2025 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Tue, 10 Jun 2025 17:45:00 +0000

Type	Values Removed	Values Added
Description		Improper input validation performed during the authentication process of FlashBlade could lead to a system Denial of Service.
Title		FlashBlade DOS Vulnerability
Weaknesses		CWE-20
References		https://support.purestorage.com/bundle/m_security_bulletins/page/Pure_Security/topics/concept/c_security_bulletins.html
Metrics		cvssV4_0 `{'score': 8.3, 'vector': 'CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N'}`

MITRE

Status: PUBLISHED

Assigner: PureStorage

Published: 2025-06-10T17:39:21.299Z

Updated: 2025-06-11T14:41:02.200Z

Reserved: 2024-12-04T17:42:04.001Z

Link: CVE-2025-0052

Vulnrichment

Updated: 2025-06-11T14:40:57.979Z

NVD

Status : Awaiting Analysis

Published: 2025-06-10T18:15:30.180

Modified: 2025-06-12T16:06:29.520

Link: CVE-2025-0052

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-0052", "assignerOrgId": "3895c224-4e1d-482a-adb3-fa64795683ac", "state": "PUBLISHED", "assignerShortName": "PureStorage", "dateReserved": "2024-12-04T17:42:04.001Z", "datePublished": "2025-06-10T17:39:21.299Z", "dateUpdated": "2025-06-11T14:41:02.200Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["Purity"], "product": "FlashBlade", "vendor": "Pure Storage", "versions": [{"changes": [{"at": "security-patch-fb-2025-A", "status": "unaffected"}], "lessThanOrEqual": "3.3.11", "status": "affected", "version": "3.3.0", "versionType": "cpe"}, {"changes": [{"at": "security-patch-fb-2025-A", "status": "unaffected"}], "lessThanOrEqual": "4.0.6", "status": "affected", "version": "4.0.0", "versionType": "cpe"}, {"changes": [{"at": "security-patch-fb-2025-A", "status": "unaffected"}], "lessThanOrEqual": "4.1.20", "status": "affected", "version": "4.1.0", "versionType": "cpe"}, {"changes": [{"at": "security-patch-fb-2025-A", "status": "unaffected"}], "lessThanOrEqual": "4.2.3", "status": "affected", "version": "4.2.0", "versionType": "cpe"}, {"changes": [{"at": "security-patch-fb-2025-A", "status": "unaffected"}], "lessThanOrEqual": "4.3.12", "status": "affected", "version": "4.3.0", "versionType": "cpe"}, {"changes": [{"at": "security-patch-fb-2025-A", "status": "unaffected"}], "lessThanOrEqual": "4.4.6", "status": "affected", "version": "4.4.0", "versionType": "cpe"}, {"changes": [{"at": "security-patch-fb-2025-A", "status": "unaffected"}], "lessThanOrEqual": "4.5.2", "status": "affected", "version": "4.5.0", "versionType": "cpe"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Improper input validation performed during the authentication process of FlashBlade could lead to a system Denial of Service.</p>"}], "value": "Improper input validation performed during the authentication process of FlashBlade could lead to a system Denial of Service."}], "impacts": [{"capecId": "CAPEC-130", "descriptions": [{"lang": "en", "value": "CAPEC-130 Excessive Allocation"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "HIGH", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 8.3, "baseSeverity": "HIGH", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "3895c224-4e1d-482a-adb3-fa64795683ac", "shortName": "PureStorage", "dateUpdated": "2025-06-10T17:39:21.299Z"}, "references": [{"url": "https://support.purestorage.com/bundle/m_security_bulletins/page/Pure_Security/topics/concept/c_security_bulletins.html"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">CVE-2025-0052 is resolved in the following FlashBlade //Purity versions:</span><ul><li><p>Purity//FB 4.3.13 or later</p></li></ul><ul><li><p>Purity//FB 4.4.7 or later</p></li></ul><ul><li><p>Purity//FB 4.5.3 or later</p></li></ul><i></i>or<br><br>apply <b>security-patch-fb-2025-A</b>"}], "value": "CVE-2025-0052 is resolved in the following FlashBlade //Purity versions: * Purity//FB 4.3.13 or later\n\n\n\n\n * Purity//FB 4.4.7 or later\n\n\n\n\n * Purity//FB 4.5.3 or later\n\n\n\n\nor\n\napply security-patch-fb-2025-A"}], "source": {"discovery": "UNKNOWN"}, "title": "FlashBlade DOS Vulnerability", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-06-11T14:40:55.280101Z", "id": "CVE-2025-0052", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-11T14:41:02.200Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-0052", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-06-11T14:40:55.280101Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-11T14:40:57.979Z"}}], "cna": {"title": "FlashBlade DOS Vulnerability", "source": {"discovery": "UNKNOWN"}, "impacts": [{"capecId": "CAPEC-130", "descriptions": [{"lang": "en", "value": "CAPEC-130 Excessive Allocation"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.3, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "HIGH", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "LOW", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Pure Storage", "product": "FlashBlade", "versions": [{"status": "affected", "changes": [{"at": "security-patch-fb-2025-A", "status": "unaffected"}], "version": "3.3.0", "versionType": "cpe", "lessThanOrEqual": "3.3.11"}, {"status": "affected", "changes": [{"at": "security-patch-fb-2025-A", "status": "unaffected"}], "version": "4.0.0", "versionType": "cpe", "lessThanOrEqual": "4.0.6"}, {"status": "affected", "changes": [{"at": "security-patch-fb-2025-A", "status": "unaffected"}], "version": "4.1.0", "versionType": "cpe", "lessThanOrEqual": "4.1.20"}, {"status": "affected", "changes": [{"at": "security-patch-fb-2025-A", "status": "unaffected"}], "version": "4.2.0", "versionType": "cpe", "lessThanOrEqual": "4.2.3"}, {"status": "affected", "changes": [{"at": "security-patch-fb-2025-A", "status": "unaffected"}], "version": "4.3.0", "versionType": "cpe", "lessThanOrEqual": "4.3.12"}, {"status": "affected", "changes": [{"at": "security-patch-fb-2025-A", "status": "unaffected"}], "version": "4.4.0", "versionType": "cpe", "lessThanOrEqual": "4.4.6"}, {"status": "affected", "changes": [{"at": "security-patch-fb-2025-A", "status": "unaffected"}], "version": "4.5.0", "versionType": "cpe", "lessThanOrEqual": "4.5.2"}], "platforms": ["Purity"], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "CVE-2025-0052 is resolved in the following FlashBlade //Purity versions: * Purity//FB 4.3.13 or later\n\n\n\n\n * Purity//FB 4.4.7 or later\n\n\n\n\n * Purity//FB 4.5.3 or later\n\n\n\n\nor\n\napply security-patch-fb-2025-A", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">CVE-2025-0052 is resolved in the following FlashBlade //Purity versions:</span><ul><li><p>Purity//FB 4.3.13 or later</p></li></ul><ul><li><p>Purity//FB 4.4.7 or later</p></li></ul><ul><li><p>Purity//FB 4.5.3 or later</p></li></ul><i></i>or<br><br>apply <b>security-patch-fb-2025-A</b>", "base64": false}]}], "references": [{"url": "https://support.purestorage.com/bundle/m_security_bulletins/page/Pure_Security/topics/concept/c_security_bulletins.html"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Improper input validation performed during the authentication process of FlashBlade could lead to a system Denial of Service.", "supportingMedia": [{"type": "text/html", "value": "<p>Improper input validation performed during the authentication process of FlashBlade could lead to a system Denial of Service.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation"}]}], "providerMetadata": {"orgId": "3895c224-4e1d-482a-adb3-fa64795683ac", "shortName": "PureStorage", "dateUpdated": "2025-06-10T17:39:21.299Z"}}}, "cveMetadata": {"cveId": "CVE-2025-0052", "state": "PUBLISHED", "dateUpdated": "2025-06-11T14:41:02.200Z", "dateReserved": "2024-12-04T17:42:04.001Z", "assignerOrgId": "3895c224-4e1d-482a-adb3-fa64795683ac", "datePublished": "2025-06-10T17:39:21.299Z", "assignerShortName": "PureStorage"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Improper input validation performed during the authentication process of FlashBlade could lead to a system Denial of Service."}, {"lang": "es", "value": "Una validaci\u00f3n de entrada incorrecta realizada durante el proceso de autenticaci\u00f3n de FlashBlade podr\u00eda provocar una denegaci\u00f3n de servicio del sistema."}], "id": "CVE-2025-0052", "lastModified": "2025-06-12T16:06:29.520", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "HIGH", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "psirt@purestorage.com", "type": "Secondary"}]}, "published": "2025-06-10T18:15:30.180", "references": [{"source": "psirt@purestorage.com", "url": "https://support.purestorage.com/bundle/m_security_bulletins/page/Pure_Security/topics/concept/c_security_bulletins.html"}], "sourceIdentifier": "psirt@purestorage.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "psirt@purestorage.com", "type": "Secondary"}]}