CVE-2025-27686LDAP Injection in Dell Unisphere FOR Powermax

CWE-90LDAP Injection3 documents3 sources
Severity
4.7MEDIUMNVD
CNA2.7
EPSS
0.3%
top 46.06%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Dell Unisphere FOR Powermax
Timeline
PublishedApr 7

Description

Dell Unisphere for PowerMax, version(s) prior to 10.2.0.9 and PowerMax version(s) prior to PowerMax 9.2.4.15, contain an Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Script injection.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:LExploitability: 1.2 | Impact: 3.4

Affected Packages2 packages

CVEListV5dell/unisphere_for_powermaxN/A9.2.4.15+1
NVDdell/unisphere10.0.010.2.0.9+1

🔴Vulnerability Details

2
CVEList
CVE-2025-27686: Dell Unisphere for PowerMax, version(s) prior to 102025-04-07
GHSA
GHSA-qw6j-957m-52hg: Dell Unisphere for PowerMax, version(s) prior to 102025-04-07
CVE-2025-27686 — LDAP Injection in Dell | cvebase