Improper Input Validation Vulnerability in Dell ECS Products
CVE-2025-26477

4.3MEDIUM

Key Information:

Vendor: Dell
Status: Ecs
Vendor: CVE Published:; 17 April 2025

What is CVE-2025-26477?

Dell ECS versions up to 3.8.1.4 are affected by a vulnerability that allows low privileged attackers with remote access to exploit improper input validation. This can potentially lead to unauthorized code execution, posing significant security risks. Organizations using these versions should ensure they apply security updates promptly to mitigate this threat.

Affected Version(s)

ECS < 4.0

References

https://www.dell.com/support/kbdoc/en-in/000300068/dsa-20...

vendor-advisory

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 17, 2025
Vulnerability Reserved
Feb 11, 2025