CVSS: 8.3EPSS: 0%CPEs: 7EXPL: 0CVE-2025-0052 – FlashBlade DOS Vulnerability
https://notcve.org/view.php?id=CVE-2025-0052
10 Jun 2025 — Improper input validation performed during the authentication process of FlashBlade could lead to a system Denial of Service. • https://support.purestorage.com/bundle/m_security_bulletins/page/Pure_Security/topics/concept/c_security_bulletins.html • CWE-20: Improper Input Validation •
CVSS: 9.1EPSS: 0%CPEs: 19EXPL: 0CVE-2024-0005
https://notcve.org/view.php?id=CVE-2024-0005
23 Sep 2024 — A condition exists in FlashArray and FlashBlade Purity whereby a malicious user could execute arbitrary commands remotely through a specifically crafted SNMP configuration. • https://purestorage.com/security • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.3EPSS: 0%CPEs: 4EXPL: 0CVE-2023-4976 – FlashBlade Authentication Mechanism Vulnerability
https://notcve.org/view.php?id=CVE-2023-4976
17 Jul 2024 — A flaw exists in Purity//FB whereby a local account is permitted to authenticate to the management interface using an unintended method that allows an attacker to gain privileged access to the array. Existe una falla en Purity//FB por la cual se permite que una cuenta local se autentique en la interfaz de administración utilizando un método no deseado que permite a un atacante obtener acceso privilegiado a la matriz. A flaw exists in FlashBlade whereby a local account is permitted to authenticate to the man... • https://purestorage.com/security • CWE-269: Improper Privilege Management •