cbcvebase.
CVE-2025-15579
published 2026-02-18

CVE-2025-15579: Deserialization of Untrusted Data vulnerability in OpenText™ Directory Services allows Object Injection. The vulnerability could lead to remote code execution…

PriorityP258critical9.5CVSS 4.0
AVNACHATNPRNUINVCHVIHVAHSCHSIHSAHEXCRXIRXARXMAVXMACXMATXMPRXMUIXMVCXMVIXMVAXMSCXMSIXMSAXSPAUYRUVCREMURed
EPSS
0.33%
24.6th percentile
Deserialization of Untrusted Data vulnerability in OpenText™ Directory Services allows Object Injection. The vulnerability could lead to remote code execution, denial of service, or privilege escalation. This issue affects Directory Services: before 24.4.16, from 25.1 before 25.1.9, from 25.2 before 25.2.9, from 25.3 before 25.3.8, from 25.4 before 25.4.5, from 26.1 before 26.1.2.

Affected

6 ranges
VendorProductVersion rangeFixed in
opentextdirectory_services< 24.4.1624.4.16
opentextdirectory_services>= 25.1 < 25.1.925.1.9
opentextdirectory_services>= 25.2 < 25.2.925.2.9
opentextdirectory_services>= 25.3 < 25.3.825.3.8
opentextdirectory_services>= 25.4 < 25.4.525.4.5
opentextdirectory_services>= 26.1 < 26.1.226.1.2
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.