CVE-2025-0051 - Vulnerability Details - OpenCVE

Improper input validation performed during the authentication process of FlashArray could lead to a system Denial of Service.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact partial

Vendors	Products
Purestorage	Flasharray

No data.

No data.

References

Link	Providers
https://support.purestorage.com/bundle/m_security_bulletins/page/Pure_Security/topics/concept/c_security_bulletins.html

History

Sat, 12 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.00078}`	epss `{'score': 0.00085}`

Wed, 11 Jun 2025 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Tue, 10 Jun 2025 17:45:00 +0000

Type	Values Removed	Values Added
Description		Improper input validation performed during the authentication process of FlashArray could lead to a system Denial of Service.
Title		FlashArray DOS Vulnerability
Weaknesses		CWE-20
References		https://support.purestorage.com/bundle/m_security_bulletins/page/Pure_Security/topics/concept/c_security_bulletins.html
Metrics		cvssV4_0 `{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N'}`

MITRE

Status: PUBLISHED

Assigner: PureStorage

Published: 2025-06-10T17:29:43.451Z

Updated: 2025-06-11T14:42:30.846Z

Reserved: 2024-12-04T17:41:50.416Z

Link: CVE-2025-0051

Vulnrichment

Updated: 2025-06-11T14:42:28.417Z

NVD

Status : Awaiting Analysis

Published: 2025-06-10T18:15:30.030

Modified: 2025-06-12T16:06:29.520

Link: CVE-2025-0051

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-0051", "assignerOrgId": "3895c224-4e1d-482a-adb3-fa64795683ac", "state": "PUBLISHED", "assignerShortName": "PureStorage", "dateReserved": "2024-12-04T17:41:50.416Z", "datePublished": "2025-06-10T17:29:43.451Z", "dateUpdated": "2025-06-11T14:42:30.846Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["Purity"], "product": "FlashArray", "vendor": "Pure Storage", "versions": [{"changes": [{"at": "security-patch-fa-2025-A", "status": "unaffected"}], "lessThanOrEqual": "5.0.11", "status": "affected", "version": "5.0.0", "versionType": "cpe"}, {"changes": [{"at": "security-patch-fa-2025-A", "status": "unaffected"}], "lessThanOrEqual": "5.1.17", "status": "affected", "version": "5.1.1", "versionType": "cpe"}, {"changes": [{"at": "security-patch-fa-2025-A", "status": "unaffected"}], "lessThanOrEqual": "5.2.7", "status": "affected", "version": "5.2.0", "versionType": "cpe"}, {"changes": [{"at": "security-patch-fa-2025-A", "status": "unaffected"}], "lessThanOrEqual": "5.3.21", "status": "affected", "version": "5.3.0", "versionType": "cpe"}, {"changes": [{"at": "security-patch-fa-2025-A", "status": "unaffected"}], "lessThanOrEqual": "6.0.9", "status": "affected", "version": "6.0.0", "versionType": "cpe"}, {"changes": [{"at": "security-patch-fa-2025-A", "status": "unaffected"}], "lessThanOrEqual": "6.1.25", "status": "affected", "version": "6.1.0", "versionType": "cpe"}, {"changes": [{"at": "security-patch-fa-2025-A", "status": "unaffected"}], "lessThanOrEqual": "6.2.17", "status": "affected", "version": "6.2.0", "versionType": "cpe"}, {"changes": [{"at": "security-patch-fa-2025-A", "status": "unaffected"}], "lessThanOrEqual": "6.3.20", "status": "affected", "version": "6.3.0", "versionType": "cpe"}, {"changes": [{"at": "security-patch-fa-2025-A", "status": "unaffected"}], "lessThanOrEqual": "6.4.10", "status": "affected", "version": "6.4.0", "versionType": "cpe"}, {"changes": [{"at": "security-patch-fa-2025-A", "status": "unaffected"}], "lessThanOrEqual": "6.5.9", "status": "affected", "version": "6.5.0", "versionType": "cpe"}, {"changes": [{"at": "security-patch-fa-2025-A", "status": "unaffected"}], "lessThanOrEqual": "6.6.11", "status": "affected", "version": "6.6.0", "versionType": "cpe"}, {"changes": [{"at": "security-patch-fa-2025-A", "status": "unaffected"}], "lessThanOrEqual": "6.7.1", "status": "affected", "version": "6.7.0", "versionType": "cpe"}, {"changes": [{"at": "security-patch-fa-2025-A", "status": "unaffected"}], "lessThanOrEqual": "6.8.2", "status": "affected", "version": "6.8.0", "versionType": "cpe"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Improper input validation performed during the authentication process of FlashArray could lead to a system Denial of Service.</p>"}], "value": "Improper input validation performed during the authentication process of FlashArray could lead to a system Denial of Service."}], "impacts": [{"capecId": "CAPEC-130", "descriptions": [{"lang": "en", "value": "CAPEC-130 Excessive Allocation"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 8.7, "baseSeverity": "HIGH", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "3895c224-4e1d-482a-adb3-fa64795683ac", "shortName": "PureStorage", "dateUpdated": "2025-06-10T17:29:43.451Z"}, "references": [{"url": "https://support.purestorage.com/bundle/m_security_bulletins/page/Pure_Security/topics/concept/c_security_bulletins.html"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">CVE-2025-0051 is resolved in the following FlashArray //Purity versions:</span><ul><li><p>Purity//FA 6.5.10 or later</p></li><li><p>Purity//FA 6.7.2 or later</p></li><li><p>Purity//FA 6.8.3 or later</p></li></ul><br>or <br><br>apply <b>security-patch-fa-2025-A</b>"}], "value": "CVE-2025-0051 is resolved in the following FlashArray //Purity versions: * Purity//FA 6.5.10 or later\n\n\n * Purity//FA 6.7.2 or later\n\n\n * Purity//FA 6.8.3 or later\n\n\n\n\n\nor \n\napply security-patch-fa-2025-A"}], "source": {"discovery": "INTERNAL"}, "title": "FlashArray DOS Vulnerability", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-06-11T14:42:26.505856Z", "id": "CVE-2025-0051", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-11T14:42:30.846Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-0051", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-06-11T14:42:26.505856Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-11T14:42:28.417Z"}}], "cna": {"title": "FlashArray DOS Vulnerability", "source": {"discovery": "INTERNAL"}, "impacts": [{"capecId": "CAPEC-130", "descriptions": [{"lang": "en", "value": "CAPEC-130 Excessive Allocation"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.7, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Pure Storage", "product": "FlashArray", "versions": [{"status": "affected", "changes": [{"at": "security-patch-fa-2025-A", "status": "unaffected"}], "version": "5.0.0", "versionType": "cpe", "lessThanOrEqual": "5.0.11"}, {"status": "affected", "changes": [{"at": "security-patch-fa-2025-A", "status": "unaffected"}], "version": "5.1.1", "versionType": "cpe", "lessThanOrEqual": "5.1.17"}, {"status": "affected", "changes": [{"at": "security-patch-fa-2025-A", "status": "unaffected"}], "version": "5.2.0", "versionType": "cpe", "lessThanOrEqual": "5.2.7"}, {"status": "affected", "changes": [{"at": "security-patch-fa-2025-A", "status": "unaffected"}], "version": "5.3.0", "versionType": "cpe", "lessThanOrEqual": "5.3.21"}, {"status": "affected", "changes": [{"at": "security-patch-fa-2025-A", "status": "unaffected"}], "version": "6.0.0", "versionType": "cpe", "lessThanOrEqual": "6.0.9"}, {"status": "affected", "changes": [{"at": "security-patch-fa-2025-A", "status": "unaffected"}], "version": "6.1.0", "versionType": "cpe", "lessThanOrEqual": "6.1.25"}, {"status": "affected", "changes": [{"at": "security-patch-fa-2025-A", "status": "unaffected"}], "version": "6.2.0", "versionType": "cpe", "lessThanOrEqual": "6.2.17"}, {"status": "affected", "changes": [{"at": "security-patch-fa-2025-A", "status": "unaffected"}], "version": "6.3.0", "versionType": "cpe", "lessThanOrEqual": "6.3.20"}, {"status": "affected", "changes": [{"at": "security-patch-fa-2025-A", "status": "unaffected"}], "version": "6.4.0", "versionType": "cpe", "lessThanOrEqual": "6.4.10"}, {"status": "affected", "changes": [{"at": "security-patch-fa-2025-A", "status": "unaffected"}], "version": "6.5.0", "versionType": "cpe", "lessThanOrEqual": "6.5.9"}, {"status": "affected", "changes": [{"at": "security-patch-fa-2025-A", "status": "unaffected"}], "version": "6.6.0", "versionType": "cpe", "lessThanOrEqual": "6.6.11"}, {"status": "affected", "changes": [{"at": "security-patch-fa-2025-A", "status": "unaffected"}], "version": "6.7.0", "versionType": "cpe", "lessThanOrEqual": "6.7.1"}, {"status": "affected", "changes": [{"at": "security-patch-fa-2025-A", "status": "unaffected"}], "version": "6.8.0", "versionType": "cpe", "lessThanOrEqual": "6.8.2"}], "platforms": ["Purity"], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "CVE-2025-0051 is resolved in the following FlashArray //Purity versions: * Purity//FA 6.5.10 or later\n\n\n * Purity//FA 6.7.2 or later\n\n\n * Purity//FA 6.8.3 or later\n\n\n\n\n\nor \n\napply security-patch-fa-2025-A", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">CVE-2025-0051 is resolved in the following FlashArray //Purity versions:</span><ul><li><p>Purity//FA 6.5.10 or later</p></li><li><p>Purity//FA 6.7.2 or later</p></li><li><p>Purity//FA 6.8.3 or later</p></li></ul><br>or <br><br>apply <b>security-patch-fa-2025-A</b>", "base64": false}]}], "references": [{"url": "https://support.purestorage.com/bundle/m_security_bulletins/page/Pure_Security/topics/concept/c_security_bulletins.html"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Improper input validation performed during the authentication process of FlashArray could lead to a system Denial of Service.", "supportingMedia": [{"type": "text/html", "value": "<p>Improper input validation performed during the authentication process of FlashArray could lead to a system Denial of Service.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation"}]}], "providerMetadata": {"orgId": "3895c224-4e1d-482a-adb3-fa64795683ac", "shortName": "PureStorage", "dateUpdated": "2025-06-10T17:29:43.451Z"}}}, "cveMetadata": {"cveId": "CVE-2025-0051", "state": "PUBLISHED", "dateUpdated": "2025-06-11T14:42:30.846Z", "dateReserved": "2024-12-04T17:41:50.416Z", "assignerOrgId": "3895c224-4e1d-482a-adb3-fa64795683ac", "datePublished": "2025-06-10T17:29:43.451Z", "assignerShortName": "PureStorage"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Improper input validation performed during the authentication process of FlashArray could lead to a system Denial of Service."}, {"lang": "es", "value": "Una validaci\u00f3n de entrada incorrecta realizada durante el proceso de autenticaci\u00f3n de FlashArray podr\u00eda provocar una denegaci\u00f3n de servicio del sistema."}], "id": "CVE-2025-0051", "lastModified": "2025-06-12T16:06:29.520", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "psirt@purestorage.com", "type": "Secondary"}]}, "published": "2025-06-10T18:15:30.030", "references": [{"source": "psirt@purestorage.com", "url": "https://support.purestorage.com/bundle/m_security_bulletins/page/Pure_Security/topics/concept/c_security_bulletins.html"}], "sourceIdentifier": "psirt@purestorage.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "psirt@purestorage.com", "type": "Secondary"}]}