CVE-2025-9195 is a medium-severity vulnerability identified in the firmware of certain Solidigm DC (Data Center) products, specifically the D7-PS1010 and D7-PS1030 models with affected firmware versions G75YG100 and G75YG150 (PRQ3 CPC). The root cause of this vulnerability is improper input validation (CWE-20) within the device firmware. Improper input validation means that the firmware does not adequately verify or sanitize inputs it receives, which can lead to unexpected behavior. In this case, an attacker with local access to the device can exploit this flaw to cause a Denial of Service (DoS) condition. The CVSS 3.1 base score is 4.4, indicating a medium severity level. The vector string (AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H) reveals that the attack requires local access (AV:L), low attack complexity (AC:L), and high privileges (PR:H) but no user interaction (UI:N). The impact is limited to availability (A:H) with no confidentiality or integrity impact. There are no known exploits in the wild at this time, and no patches have been linked yet. The vulnerability affects firmware versions reserved and published in August 2025, indicating it is a recent discovery. The affected products are enterprise-grade SSDs used in data center environments, meaning the vulnerability could disrupt storage availability if exploited. Since the attack requires local access and high privileges, exploitation is likely limited to insiders or attackers who have already compromised the host environment. However, the potential for causing storage unavailability could impact critical applications relying on these drives.

For European organizations, the impact of CVE-2025-9195 depends largely on the deployment of Solidigm D7-PS1010/D7-PS1030 SSDs within their data centers. These drives are designed for high-performance enterprise storage, so organizations using them in critical infrastructure, cloud services, or large-scale data processing environments could face service disruptions if the vulnerability is exploited. The Denial of Service could lead to temporary loss of access to stored data, affecting business continuity, especially in sectors like finance, telecommunications, and public services where data availability is paramount. Since the vulnerability requires local privileged access, the risk is mitigated somewhat by existing access controls, but insider threats or lateral movement by attackers within networks could still trigger exploitation. The lack of confidentiality or integrity impact reduces concerns about data breaches or corruption, but availability issues alone can cause significant operational and reputational damage. Additionally, the absence of known exploits and patches means organizations must proactively monitor and prepare for potential future attacks.

European organizations should take several specific steps to mitigate this vulnerability beyond generic advice: 1) Inventory and identify all Solidigm D7-PS1010/D7-PS1030 drives in their infrastructure and verify firmware versions to assess exposure. 2) Restrict and monitor local administrative access to hosts using these drives, employing strict access controls and privileged access management to reduce the risk of exploitation. 3) Implement enhanced logging and anomaly detection focused on storage device interactions to detect unusual behavior indicative of attempted exploitation. 4) Coordinate with Solidigm for firmware updates or patches as they become available and plan timely deployment to affected systems. 5) Develop and test incident response plans specifically addressing storage device DoS scenarios to minimize downtime. 6) Consider network segmentation and isolation of critical storage systems to limit lateral movement opportunities for attackers. 7) Engage with hardware vendors and security communities to stay informed about emerging exploits or mitigation techniques related to this vulnerability.