CVE-2025-22397

Dell Integrated Dell Remote Access Controller 9, 14G versions prior to 7.00.00.181, 15G and 16G versions 6.10.80.00 through 7.20.10.50 and Dell Integrated Dell Remote Access Controller 10, 17G versions prior to 1.20.25.00, contain an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access.

CVSS v3 6.7 MEDIUM

6.7^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.2 / Impact : 5.5

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact LOW

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.dell.com/support/kbdoc/en-us/000384516/dsa-2025-376-security-update-for-dell-idrac9-and-idrac10-vulnerabilities	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:o:dell:idrac9_firmware::::::::
	cpe:2.3:o:dell:idrac9_firmware::::::::

cpe:2.3:h:dell:idrac9:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:dell:idrac10_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:idrac10:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2025-11-06 19:15

Updated : 2026-01-21 20:07

NVD link : CVE-2025-22397

Mitre link : CVE-2025-22397

CVE.ORG link : CVE-2025-22397

JSON object : View

Products Affected

dell

idrac10_firmware
idrac9_firmware
idrac9
idrac10

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

{"id": "CVE-2025-22397", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security_alert@emc.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.7, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.5, "exploitabilityScore": 1.2}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.2}]}, "published": "2025-11-06T19:15:41.153", "references": [{"url": "https://www.dell.com/support/kbdoc/en-us/000384516/dsa-2025-376-security-update-for-dell-idrac9-and-idrac10-vulnerabilities", "tags": ["Vendor Advisory"], "source": "security_alert@emc.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "security_alert@emc.com", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "Dell Integrated Dell Remote Access Controller 9, 14G versions prior to 7.00.00.181, 15G and 16G versions 6.10.80.00 through 7.20.10.50 and Dell Integrated Dell Remote Access Controller 10, 17G versions prior to 1.20.25.00, contain an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access."}], "lastModified": "2026-01-21T20:07:45.430", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:dell:idrac9_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AFA88EBF-1790-472B-BCF7-6D0C52AE8FBD", "versionEndExcluding": "7.00.00.181", "versionStartIncluding": "6.10.80.00"}, {"criteria": "cpe:2.3:o:dell:idrac9_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5FD8EDE3-C72D-40B8-9260-DC8A00748F0B", "versionEndExcluding": "7.20.10.50", "versionStartIncluding": "7.00.00.183"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:dell:idrac9:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "BD8B684E-092F-496C-9D94-51CCD1F3575A"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:dell:idrac10_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0362FAE2-88A8-4FB0-B985-BD8FE569D214", "versionEndExcluding": "1.20.25.00"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:dell:idrac10:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5BFCEF7B-7BE5-49C4-9206-C8417174E313"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "security_alert@emc.com"}