CVE-2025-27686

Published: Apr 7, 2025Modified: Jan 12, 2026

4.7

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

Exploitability: 1.2 / Impact: 3.4

Source: NVD

Description

Dell Unisphere for PowerMax, version(s) prior to 10.2.0.9 and PowerMax version(s) prior to PowerMax 9.2.4.15, contain an Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Script injection.

Affected (2)

Products: Dell: Unisphere For Powermax

1 product

Unisphere For Powermax

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Dell Unisphere For Powermax	Before 9.2.4.15
Dell Unisphere For Powermax	From 10.0.0 to 10.2.0.9

Related CWEs

Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')

The product constructs all or part of an LDAP query using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended LDAP query when it is sent to a downstream component.

References (1)

https://www.dell.com/support/kbdoc/en-ao/000302223/dsa-2025-111-dell-powermaxos-dell-powermax-eem-dell-unisphere-for-powermax-dell-unisphere-for-powermax-virtual-appliance-dell-unisphere-360-dell-solutions-enabler-and-dell-solutions-enabler-virtual-appliance-security-update-for-multiple-vulnerabilities

Source: security_alert@emc.com

Vendor Advisory

Timeline

No history available yet.