CVE-2025-27686 | THREATINT

Description

Dell Unisphere for PowerMax, version(s) prior to 10.2.0.9 and PowerMax version(s) prior to PowerMax 9.2.4.15, contain an Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Script injection.

PUBLISHED Reserved 2025-03-05 | Published 2025-04-07 | Updated 2025-04-07 | Assigner dell

LOW: 2.7CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L

Problem types

CWE-90: Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')

Product status

Default status

unaffected

Any version before 9.2.4.15

affected

Any version before 10.2.0.9

affected

References

www.dell.com/...security-update-for-multiple-vulnerabilities vendor-advisory

cve.org (CVE-2025-27686)

nvd.nist.gov (CVE-2025-27686)

Download JSON