Reflected Cross-Site Scripting Vulnerability in StorageGRID by NetApp
CVE-2025-26514

6.4 MEDIUM

Key Information:

Vendor: NetApp
CVE Published: 19 September 2025

What is CVE-2025-26514?

StorageGRID versions prior to 11.8.0.15 and 11.9.0.8 are affected by a Reflected Cross-Site Scripting vulnerability. The flaw could allow an attacker to view or modify critical configuration settings or to manipulate user accounts. To exploit it, the attacker must have specific knowledge about the target instance and must deceive a privileged user into interacting with a malicious link.

Affected Version(s)

StorageGRID 0 < 11.8.0.15

StorageGRID 0 < 11.9.0.8

CVSS V3.1

Score: 6.4
Severity: MEDIUM
Confidentiality: Low
Integrity: High
Availability: Low
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
