CVE-2025-26512

CWE-2663 documents3 sources
Severity
9.9CRITICAL
EPSS
0.1%
top 69.70%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Netapp Snapcenter
Timeline
PublishedMar 24
Latest updateMar 25

Description

SnapCenter versions prior to 6.0.1P1 and 6.1P1 are susceptible to a vulnerability which may allow an authenticated SnapCenter Server user to become an admin user on a remote system where a SnapCenter plug-in has been installed.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:HExploitability: 3.1 | Impact: 6.0

Affected Packages2 packages

CVEListV5netapp/snapcenter< 6.0.1P1+1
NVDnetapp/snapcenter< 6.0.1+2

🔴Vulnerability Details

2
GHSA
GHSA-98xh-6hr4-2qwh: SnapCenter versions prior to 62025-03-25
CVEList
CVE-2025-26512 Privilege Escalation Vulnerability in SnapCenter2025-03-24
CVE-2025-26512 (CRITICAL CVSS 9.9) | SnapCenter versions prior to 6.0.1P | cvebase.io