LDAP Injection Vulnerability in Dell PowerMax and Unisphere
CVE-2025-27686

2.7 LOW

Key Information:

Vendor: Dell
CVE Published: 7 April 2025

Summary

Dell Unisphere for PowerMax and PowerMax products prior to specified versions are susceptible to an LDAP injection vulnerability. A malicious actor with high privileges and remote access may manipulate LDAP queries, potentially leading to unauthorized access and script injection within affected systems. It is essential for users to update their deployments to mitigate this risk and protect sensitive data.

Affected Version(s)

Unisphere for PowerMax < 9.2.4.15

Unisphere for PowerMax < 10.2.0.9

CVSS V3.1

Score: 2.7
Severity: LOW
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
