Privilege Escalation in SnapCenter by NetApp
CVE-2025-26512
Key Information:
- Vendor: NetApp
- Status: Vendor
- CVE Published: 24 March 2025
What is CVE-2025-26512?
CVE-2025-26512 is a vulnerability in SnapCenter, a backup and recovery solution developed by NetApp that simplifies and automates data protection tasks across various environments. It affects versions prior to 6.0.1P1 and 6.1P1 and allows an authenticated user of the SnapCenter Server to escalate their privileges, potentially gaining admin access on remote systems where the SnapCenter plug-in is installed. Such unauthorized access can lead to significant security risks for organizations, including the unauthorized alteration or destruction of critical data.
Technical Details
The vulnerability arises due to improper handling of user permissions within SnapCenter. Specifically, it allows an authenticated user to elevate their privileges without sufficient verification, thereby bypassing standard security controls. This flaw remains unpatched in versions before 6.0.1P1 and 6.1P1. The nature of the exploit requires that the attacker already have some level of authenticated access to the SnapCenter Server, making it a targeted issue rather than a broad-based remote attack.
Potential impact of CVE-2025-26512
- Unauthorized Access and Control: The ability for an authenticated user to gain admin privileges means they can manipulate backup settings, restore points, and other critical configurations, potentially leading to system misconfigurations or malicious data alterations.
- Data Breaches: As privileged access can facilitate extensive control over sensitive data, attackers could exploit this vulnerability to access, exfiltrate, or even delete confidential information, posing severe risks to organizational data integrity and compliance.
- Operational Disruption: The elevation of privileges can allow attackers to disrupt backup processes, disable security measures, or implement destructive actions, leading to significant downtimes and operational hurdles for organizations relying on SnapCenter for data protection.
Affected Version(s)
SnapCenter 0 < 6.0.1P1
SnapCenter 0 < 6.1P1
News Articles

CVE-2025-26512: Critical SnapCenter Security Risk
A critical vulnerability in NetApp SnapCenter CVE-2025-26512 exposes users to privilege escalation risks.

NetApp SnapCenter Flaw Could Let Users Gain Remote Admin Access on Plug-In Systems
CVE-2025-26512 in NetApp SnapCenter scored 9.9 CVSS; patch required to prevent remote admin escalation.

Critical NetApp SnapCenter Server Vulnerability Allows Attackers to Gain Admin Access
A critical vulnerability has been identified in NetApp's SnapCenter Server, affecting versions before 6.0.1P1 and 6.1P1.
Timeline
- 👾 Exploit known to exist
- 📰 First article discovered by GBHackers News
- Vulnerability published