Deserialization Vulnerability in OpenText Directory Services
CVE-2025-15579
9.5CRITICAL
What is CVE-2025-15579?
A deserialization vulnerability in OpenText™ Directory Services allows for object injection, enabling potential attackers to exploit the system. This could result in remote code execution, denial of service, or privilege escalation. The vulnerability affects multiple versions of Directory Services, starting from 10.5 up to 26.1, presenting significant security risks to users if not addressed promptly.
Affected Version(s)
Directory Services 0 < 24.4.16
Directory Services 25.1 < 25.1.9
Directory Services 25.2 < 25.2.9
References
CVSS V4
Score:
9.5
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Dylan Pindur - Assetnote
Adam Kues - Assetnote
Tomais Williamson - Assetnote