CVE-2025-9195: CWE-20 Improper Input Validation in Solidigm D7-PS1010/D7-PS1030
Improper input validation in firmware of some Solidigm DC Products may allow an attacker with local access to cause a Denial of Service.
AI Analysis
Technical Summary
CVE-2025-9195 is a vulnerability identified in the firmware of certain Solidigm DC series products, specifically the D7-PS1010 and D7-PS1030 models with firmware versions G75YG100 and G75YG150 (PRQ3 CPC). The root cause is improper input validation (CWE-20) within the device firmware, which can be exploited by an attacker who has local access to the device. This improper validation flaw allows the attacker to trigger a Denial of Service (DoS) condition, impacting the availability of the storage device. The vulnerability does not affect confidentiality or integrity but solely impacts availability. The CVSS 3.1 base score is 4.4 (medium severity), with the vector indicating local attack vector (AV:L), low attack complexity (AC:L), high privileges required (PR:H), no user interaction (UI:N), unchanged scope (S:U), and impact limited to availability (A:H). No known exploits are currently reported in the wild, and no patches have been linked yet. The vulnerability requires the attacker to have high privileges locally, which suggests that remote exploitation is not feasible without prior compromise. The affected devices are enterprise-grade Solidigm DC SSDs, typically used in data centers and enterprise storage environments.
Potential Impact
For European organizations, the primary impact of this vulnerability is the potential disruption of critical storage infrastructure, leading to denial of service conditions on affected Solidigm D7-PS1010 and D7-PS1030 SSDs. This can result in downtime for applications relying on these drives, potentially affecting business continuity, especially in data centers, cloud service providers, and enterprises with heavy storage demands. Although the vulnerability does not compromise data confidentiality or integrity, the loss of availability can cause operational delays, financial losses, and reputational damage. Organizations with strict uptime requirements, such as financial institutions, healthcare providers, and critical infrastructure operators, may face significant challenges if these devices are exploited. The requirement for local high-privilege access limits the risk to insider threats or attackers who have already gained elevated access, but it still necessitates vigilance in access control and monitoring.
Mitigation Recommendations
1. Implement strict physical and logical access controls to prevent unauthorized local access to systems housing Solidigm D7-PS1010/D7-PS1030 SSDs.
2. Monitor and audit privileged user activities to detect any anomalous behavior that might indicate attempts to exploit this vulnerability.
3. Segregate and harden management interfaces and consoles to reduce the risk of privilege escalation leading to local high-privilege access.
4. Maintain up-to-date firmware by closely following Solidigm’s advisories and applying patches promptly once available.
5. Employ redundancy and failover mechanisms in storage architectures to minimize the impact of potential DoS conditions on individual drives.
6. Conduct regular vulnerability assessments and penetration testing focusing on local privilege escalation and input validation weaknesses in storage firmware.
7. Educate system administrators and security teams about this vulnerability to ensure rapid detection and response to suspicious activities involving these SSDs.
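To scope the firmware recommendation, a host inventory check helps. This added example (not from the advisory or from Solidigm) reads the Linux NVMe sysfs attributes and flags controllers reporting one of the two firmware revisions named on this page; it assumes the drive reports the revision exactly as written here and matches on firmware only, since the model string the drives report is not given on the page.

```python
"""Flag NVMe controllers whose firmware revision is listed for CVE-2025-9195."""
from pathlib import Path

# Firmware revisions named on this page as affected.
AFFECTED_FW = {"G75YG100", "G75YG150"}

def _read(path: Path) -> str:
    # sysfs pads the fixed-width identify fields with trailing spaces.
    try:
        return path.read_text(errors="replace").strip()
    except OSError:
        return ""

def affected_controllers(sysfs_root="/sys/class/nvme"):
    """Return [(controller, model, serial, firmware)] for affected firmware."""
    hits = []
    root = Path(sysfs_root)
    if not root.is_dir():  # non-Linux host or no NVMe controllers present
        return hits
    for ctrl in sorted(root.iterdir()):
        fw = _read(ctrl / "firmware_rev")
        if fw.upper() in AFFECTED_FW:
            # Model and serial are reported so an operator can confirm the
            # drive is a D7-PS1010/D7-PS1030 before scheduling an update.
            hits.append((ctrl.name, _read(ctrl / "model"),
                         _read(ctrl / "serial"), fw))
    return hits

if __name__ == "__main__":
    found = affected_controllers()
    for name, model, serial, fw in found:
        print(f"{name}: model={model!r} serial={serial!r} firmware={fw} "
              "-> revision listed as affected")
    if not found:
        print("no controller reports an affected firmware revision")
    # Non-zero exit lets a fleet-management job treat a hit as a finding.
    raise SystemExit(1 if found else 0)
```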
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Italy, Spain
Technical Details
- Data Version: 5.1
- Assigner Short Name: Solidigm
- Date Reserved: 2025-08-19T17:15:42.201Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 68b09d4cad5a09ad006ed792
Added to database: 8/28/2025, 6:17:48 PM
Last enriched: 8/28/2025, 6:33:18 PM
Last updated: 8/31/2025, 12:34:23 AM