CVE-2025-38742

Published: Aug 21, 2025Modified: Sep 10, 2025

5.3

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Exploitability: 1.8 / Impact: 3.4

Source: security_alert@emc.com (Secondary)

Description

Dell iDRAC Service Module (iSM), versions prior to 6.0.3.0, contains an Incorrect Permission Assignment for Critical Resource vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution.

Affected (1)

Products: Dell: Emc Idrac Service Module

1 product

Emc Idrac Service Module

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Dell Emc Idrac Service Module	Before 6.0.3.0

Related CWEs

Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

References (1)

https://www.dell.com/support/kbdoc/en-us/000359617/dsa-2025-311-security-update-for-dell-idrac-service-module-vulnerabilities

Source: security_alert@emc.com

Vendor Advisory

Timeline

No history available yet.