CVE-2025-36589XML External Entity (XXE) Injection in Dell Unisphere FOR Powermax

CWE-611XML External Entity (XXE) Injection3 documents3 sources
Severity
7.1HIGHNVD
CNA7.6
EPSS
0.1%
top 76.52%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Dell Unisphere FOR PowermaxDell Unisphere FOR Powermax Virtual Appliance
Timeline
PublishedJan 6

Description

Dell Unisphere for PowerMax, version(s) 9.2.4.x, contain(s) an Improper Restriction of XML External Entity Reference vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to unauthorized access to data and resources outside of the intended sphere of control.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:NExploitability: 2.8 | Impact: 4.2

Affected Packages2 packages

CVEListV5dell/unisphere_for_powermaxN/A9.2.4.19
NVDdell/unisphere9.2.4.179.2.4.19+1

🔴Vulnerability Details

2
CVEList
CVE-2025-36589: Dell Unisphere for PowerMax, version(s) 92026-01-06
GHSA
GHSA-mjf9-xjp8-6cr8: Dell Unisphere for PowerMax, version(s) 92026-01-06
CVE-2025-36589 — XML External Entity (XXE) Injection | cvebase