CVE-2025-27686

Summary

Dell Unisphere for PowerMax, version(s) prior to 10.2.0.9 and PowerMax version(s) prior to PowerMax 9.2.4.15, contain an Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Script injection.

Affected Software

VendorProductVersion RangeStatus
DellUnisphere for PowerMaxN/A < 9.2.4.15affected
DellUnisphere for PowerMaxN/A < 10.2.0.9affected

Weaknesses

  • CWE-90: CWE-90: Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References