Description
A flaw exists in FlashArray whereby the Key Encryption Key (KEK) is logged during key rotation when RDL is configured.
Scores
CVSS v4
5.1
EPSS
0.0019
EPSS Percentile
41.0%
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-532
Status
published
Products (9)
Pure Storage/FlashArray
6.0.0 - 6.0.9
Pure Storage/FlashArray
6.1.0 - 6.1.25
Pure Storage/FlashArray
6.2.0 - 6.2.17
Pure Storage/FlashArray
6.3.0 - 6.3.21
Pure Storage/FlashArray
6.4.0 - 6.4.10
Pure Storage/FlashArray
6.5.0 - 6.5.10
Pure Storage/FlashArray
6.6.0 - 6.6.11
Pure Storage/FlashArray
6.7.0 - 6.7.3
Pure Storage/FlashArray
6.8.0 - 6.8.5
Published
Jun 16, 2025
Tracked Since
Feb 18, 2026