CVE-2025-15579

Summary

Deserialization of Untrusted Data vulnerability in OpenText™ Directory Services allows Object Injection. 

The vulnerability could lead to remote code execution, denial of service, or privilege escalation.

This issue affects Directory Services: before 24.4.16, from 25.1 before 25.1.9, from 25.2 before 25.2.9, from 25.3 before 25.3.8, from 25.4 before 25.4.5, from 26.1 before 26.1.2.

Affected Software

VendorProductVersion RangeStatus
OpenText™Directory Services0 < 24.4.16affected
OpenText™Directory Services25.1 < 25.1.9affected
OpenText™Directory Services25.2 < 25.2.9affected
OpenText™Directory Services25.3 < 25.3.8affected
OpenText™Directory Services25.4 < 25.4.5affected
OpenText™Directory Services26.1 < 26.1.2affected

Weaknesses

  • CWE-502: CWE-502 Deserialization of Untrusted Data

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References