CVE-2025-26515
published 2025-09-19CVE-2025-26515: StorageGRID (formerly StorageGRID Webscale) versions prior to 11.8.0.15 and 11.9.0.8 without Single Sign-on enabled are susceptible to a Server-Side Request…
high7.5CVSS 3.1
AVNACLPRNUINSUCNIHAN
StorageGRID (formerly
StorageGRID Webscale) versions prior to 11.8.0.15 and 11.9.0.8 without
Single Sign-on enabled are susceptible to a Server-Side Request Forgery
(SSRF) vulnerability. Successful exploit could allow an unauthenticated
attacker to change the password of any Grid Manager or Tenant Manager
non-federated user.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| netapp | storagegrid | < 11.9.0.8 | 11.9.0.8 |
| netapp | storagegrid | < 11.8.0.15 | 11.8.0.15 |
| netapp | storagegrid | >= 11.9.0 < 11.9.0.8 | 11.9.0.8 |