FlashBlade DOS Vulnerability

Security Bulletins

Audience
Public
Product
FlashBlade
FlashArray
FlashBlade > Purity//FB
FlashArray > Purity//FA
Portworx
Source Type
Documentation

Please contact psirt@purestorage.com or via Slack #psirt-request with any questions or concerns.

Note:

For current remediation status refer to ATOM Dashboard.

Summary

Improper input validation performed during the authentication process of FlashBlade could lead to a system "Denial of Service”.

CVE Base CVSS 4.0 Score Severity Vector
CVE-2025-0052 8.3 High CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L
The impacted Purity versions are:
  • Purity//FB 3.3.0 - 3.3.11 (EOL)

  • Purity//FB 4.0.0 - 4.0.6 (EOL)

  • Purity//FB 4.1.0 - 4.1.20

  • Purity//FB 4.2.0 - 4.2.3 (EOL)

  • Purity//FB 4.3.0 - 4.3.12

  • Purity//FB 4.4.0 - 4.4.6

  • Purity//FB 4.5.0 - 4.5.2
    Note: If you are on an EOL Purity version, we highly recommend upgrading to a supported version to remediate this vulnerability.

Corrective Action

Affected customers will need to apply a self-service patch or upgrade their Purity to an unaffected Purity version.

The above vulnerability (CVE-2025-0052) is resolved in the following FlashBlade //Purity versions:
  • Purity//FB 4.3.13 or later

  • Purity//FB 4.4.7 or later

  • Purity//FB 4.5.3 or later

Customers on End-Of-Life (EOL) Purity versions are highly encouraged to upgrade to a supported version which contains the above fix.

Mitigating Controls/Corrective Action

Follow network security best practices
  • Restrict array access to only trusted users. Everpure strongly encourages the widely-endorsed best practice of highly restricting -- if not blocking altogether -- Internet access to management interfaces
  • Closely monitor arrays for abnormal or unexpected workload/ IO spikes or utilization as a leading indicator

  • Enable edge detection/protection mechanisms in the firewall / IDS / IPS systems to detect anomalous access or traffic patterns

  • In FlashBlade //Purity version 4.4.0 onward, network policies can be configured to ensure only users from trusted IPs can access the array

Contacting Support

If you need assistance with this issue, please call Technical Services at +1 866-244-7121. If calling from outside the US, please select from the list of phone numbers here: Contact Us.

Note: Remediation options:
  1. Apply a Pure1 online, self-service opt-in security patch bundle (preferred method).
  2. Purity upgrade to an unaffected Purity release.

The above issue is resolved in the following minimum FlashBlade Purity:
  • Purity//FB 4.3.13 or later

  • Purity//FB 4.4.7 or later

  • Purity//FB 4.5.3 or later

Support Escalation - How To Escalate a Case

Please see Customer Escalation Procedures & Contact Pure Security for additional information.