Security updates: Dell fixes PowerScale OneFS and Bluetooth drivers

Attackers can exploit a vulnerability in Dell's NAS operating system PowerScale OneFS and delete files. In addition, a gap in the Bluetooth driver makes countless Dell PCs vulnerable. Security updates are available for download. Admins should install them promptly to protect their computers.

The vulnerability (CVE-2025-53298) in the NAS system is classified as “critical”. Because authentication is missing during NFS export, attackers can exploit the vulnerability remotely without logging in, the developers explain in a warning message. PowerScale OneFS 9.5.0.0 up to and including 9.10.0.1 should be affected.

The developers have also closed other gaps (such as CVE-2025-32753 “medium”) in PowerScale OneFS. Attackers can use these vulnerabilities for DoS attacks, among other things. Releases 9.5.1.3, 9.7.1.8 and 9.10.1.2 are equipped against this.

Bluetooth vulnerability

According to an article, countless Dell computers from the Alienware and Inspiron series, for example, can be attacked via a security vulnerability (CVE-2024-11857 “high”) in the Realtek Bluetooth driver. The full list of affected PC models can be found in the linked article. However, attackers must be authenticated locally to carry out a successful attack. If this is the case, they can delete files via a symbolic link.

Driver versions 2024.10.143.0 and 6001.15.156.200 are protected against this. So far, there have been no reports of ongoing attacks. It remains unclear how admins can recognize systems that have already been successfully attacked.

(des)