CVE-2025-27686

Dell Unisphere for PowerMax, version(s) prior to 10.2.0.9 and PowerMax version(s) prior to PowerMax 9.2.4.15, contain an Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Script injection.

CVSS v3 2.7 LOW

2.7^/10

CVSS v3 : LOW

Vector :

Exploitability : 1.2 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://www.dell.com/support/kbdoc/en-ao/000302223/dsa-2025-111-dell-powermaxos-dell-powermax-eem-dell-unisphere-for-powermax-dell-unisphere-for-powermax-virtual-appliance-dell-unisphere-360-dell-solutions-enabler-and-dell-solutions-enabler-virtual-appliance-security-update-for-multiple-vulnerabilities	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:dell:unisphere_for_powermax::::::::
	cpe:2.3:a:dell:unisphere_for_powermax::::::::

History

No history.

Information

Published : 2025-04-07 14:15

Updated : 2026-01-12 19:02

NVD link : CVE-2025-27686

Mitre link : CVE-2025-27686

CVE.ORG link : CVE-2025-27686

JSON object : View

Products Affected

dell

unisphere_for_powermax

CWE

CWE-90

Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')

NVD-CWE-Other

{"id": "CVE-2025-27686", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security_alert@emc.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 2.7, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 1.2}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.7, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 3.4, "exploitabilityScore": 1.2}]}, "published": "2025-04-07T14:15:24.210", "references": [{"url": "https://www.dell.com/support/kbdoc/en-ao/000302223/dsa-2025-111-dell-powermaxos-dell-powermax-eem-dell-unisphere-for-powermax-dell-unisphere-for-powermax-virtual-appliance-dell-unisphere-360-dell-solutions-enabler-and-dell-solutions-enabler-virtual-appliance-security-update-for-multiple-vulnerabilities", "tags": ["Vendor Advisory"], "source": "security_alert@emc.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "security_alert@emc.com", "description": [{"lang": "en", "value": "CWE-90"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Dell Unisphere for PowerMax, version(s) prior to 10.2.0.9 and PowerMax version(s) prior to PowerMax 9.2.4.15, contain an Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Script injection."}, {"lang": "es", "value": "Dell Unisphere para PowerMax, versiones anteriores a la 10.2.0.9 y versiones anteriores a la 9.2.4.15, presenta una vulnerabilidad de neutralizaci\u00f3n incorrecta de elementos especiales utilizados en una consulta LDAP (inyecci\u00f3n LDAP). Un atacante con privilegios elevados y acceso remoto podr\u00eda explotar esta vulnerabilidad, lo que provocar\u00eda una inyecci\u00f3n de scripts."}], "lastModified": "2026-01-12T19:02:51.677", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:dell:unisphere_for_powermax:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5448266B-542C-44B6-A5F9-B64B76627BCD", "versionEndExcluding": "9.2.4.15"}, {"criteria": "cpe:2.3:a:dell:unisphere_for_powermax:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FC1A0D23-5C38-4ED7-A02E-C40287372C61", "versionEndExcluding": "10.2.0.9", "versionStartIncluding": "10.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "security_alert@emc.com"}