MEDIUM✓ PATCH🇬🇧 English

CVE-2025-22397

CVSS 6.7v3.1pub. 2025-11-06upd. 2026-01-21

Dell Integrated Dell Remote Access Controller 9, 14G versions prior to 7.00.00.181, 15G and 16G versions 6.10.80.00 through 7.20.10.50 and Dell Integrated Dell Remote Access Controller 10, 17G versions prior to 1.20.25.00, contain an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:H
  • Dell Idrac10

    HW
    Dell
    wszystkie wersje
  • Dell Idrac10 Firmware

    OS
    Dell
    < 1.20.25.00
  • Dell Idrac9

    HW
    Dell
    wszystkie wersje
  • Dell Idrac9 Firmware

    OS
    Dell
    6.10.80.00 – 7.00.00.181 (bez)7.00.00.183 – 7.20.10.50 (bez)
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
Tagi
Path Traversal
CWE
Referencje

Powiązane podatności

CVE-2022-24422CRITICAL9.6ten sam produkt

Dell iDRAC9 versions 5.00.00.00 and later but prior to 5.10.10.00, contain an improper authentication vulnerab...

CVE-2021-21538CRITICAL9.6ten sam produkt

Dell EMC iDRAC9 versions 4.40.00.00 and later, but prior to 4.40.10.00, contain an improper authentication vul...

CVE-2019-3705CRITICAL9.8ten sam produkt

Dell EMC iDRAC6 versions prior to 2.92, iDRAC7/iDRAC8 versions prior to 2.61.60.60, and iDRAC9 versions prior ...

CVE-2026-35155HIGH7.1ten sam produkt

Dell iDRAC10, versions 1.20.70.50 and 1.30.05.10, contains an Insufficiently Protected Credentials vulnerabili...

CVE-2024-25943HIGH7.6ten sam produkt

iDRAC9, versions prior to 7.00.00.172 for 14th Generation and 7.10.50.00 for 15th and 16th Generations, contai...