CVE-2025-15579
9.5
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:P/AU:Y/R:U/V:C/RE:M/U:Red
Summary
Deserialization of Untrusted Data vulnerability in OpenText™ Directory Services allows Object Injection.
The vulnerability could lead to remote code execution, denial of service, or privilege escalation.
This issue affects Directory Services: before 24.4.16, from 25.1 before 25.1.9, from 25.2 before 25.2.9, from 25.3 before 25.3.8, from 25.4 before 25.4.5, from 26.1 before 26.1.2.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| OpenText™ | Directory Services | 0 < 24.4.16 | affected |
| OpenText™ | Directory Services | 25.1 < 25.1.9 | affected |
| OpenText™ | Directory Services | 25.2 < 25.2.9 | affected |
| OpenText™ | Directory Services | 25.3 < 25.3.8 | affected |
| OpenText™ | Directory Services | 25.4 < 25.4.5 | affected |
| OpenText™ | Directory Services | 26.1 < 26.1.2 | affected |
Weaknesses
- CWE-502: CWE-502 Deserialization of Untrusted Data
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.