CVE-2025-30103 is a vulnerability identified in Dell SmartFabric OS10 Software versions prior to 10.6.0.5. The issue is categorized under CWE-552, which pertains to files or directories being accessible to external parties. Specifically, this vulnerability allows a low-privileged attacker with local access to the affected system to gain unauthorized access to the filesystem. The vulnerability does not require user interaction and does not allow modification or disruption of system integrity or availability, but it does compromise confidentiality by exposing sensitive files or directories that should be restricted. The CVSS v3.1 base score is 5.5 (medium severity), with vector metrics indicating local attack vector (AV:L), low attack complexity (AC:L), low privileges required (PR:L), no user interaction (UI:N), unchanged scope (S:U), high confidentiality impact (C:H), no integrity impact (I:N), and no availability impact (A:N). This means an attacker who already has some local access to the device can exploit the vulnerability to read sensitive files, potentially leading to information disclosure. No known exploits are currently reported in the wild, and no patches are linked yet, indicating that mitigation may rely on vendor updates or configuration changes once available. The vulnerability affects Dell SmartFabric OS10 Software, which is a network operating system used primarily in data center and enterprise networking environments to manage switches and fabric infrastructure.

For European organizations, the impact of this vulnerability can be significant, especially for enterprises and service providers relying on Dell SmartFabric OS10 in their network infrastructure. Exposure of sensitive filesystem data could lead to leakage of configuration files, credentials, or other critical information that attackers could leverage for further attacks or lateral movement within the network. This is particularly concerning for sectors with stringent data protection requirements such as finance, healthcare, and government institutions in Europe. While the vulnerability requires local access, this could be achieved through compromised internal systems or insider threats. The confidentiality breach could undermine compliance with GDPR and other data protection regulations, potentially resulting in legal and financial repercussions. Since the vulnerability does not affect integrity or availability directly, immediate operational disruption is unlikely, but the information disclosure risk remains a serious concern.

Organizations should prioritize upgrading Dell SmartFabric OS10 Software to version 10.6.0.5 or later once the patch is released by Dell. Until then, practical mitigations include restricting local access to devices running the affected software by enforcing strict physical and logical access controls, such as network segmentation, role-based access controls, and multi-factor authentication for administrative access. Monitoring and logging local access attempts can help detect suspicious activities early. Additionally, organizations should audit filesystem permissions and configurations to ensure sensitive files are not unnecessarily exposed. Employing host-based intrusion detection systems (HIDS) to monitor filesystem access patterns may provide early warning of exploitation attempts. Regular security training for personnel with local access can reduce the risk of insider threats exploiting this vulnerability.