CVE-2025-26336

Dell Chassis Management Controller Firmware for Dell PowerEdge FX2, version(s) prior to 2.40.200.202101130302, and Dell Chassis Management Controller Firmware for Dell PowerEdge VRTX version(s) prior to 3.41.200.202209300499, contain(s) a Stack-based Buffer Overflow vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Remote execution.

CVSS v3 8.3 HIGH

8.3^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.5

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact LOW

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.dell.com/support/kbdoc/en-us/000297463/dsa-2025-123-security-update-for-dell-chassis-management-controller-firmware-for-dell-poweredge-fx2-and-vrtx-vulnerabilities	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:dell:chassis_management_controller_for_poweredge_fx2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:chassis_management_controller_for_poweredge_fx2:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:dell:chassis_management_controller_for_poweredge_vrtx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:chassis_management_controller_for_poweredge_vrtx:-:*:*:*:*:*:*:*

History

27 Mar 2025, 16:08

Type	Values Removed	Values Added
First Time		Dell Dell chassis Management Controller For Poweredge Vrtx Firmware Dell chassis Management Controller For Poweredge Vrtx Dell chassis Management Controller For Poweredge Fx2 Firmware Dell chassis Management Controller For Poweredge Fx2
CWE		CWE-787
Summary		(es) Dell Chassis Management Controller Firmware para Dell PowerEdge FX2, versiones anteriores a la 2.40.200.202101130302, y Dell Chassis Management Controller Firmware para Dell PowerEdge VRTX, versiones anteriores a la 3.41.200.202209300499, presentan una vulnerabilidad de desbordamiento de búfer basado en pila. Un atacante no autenticado con acceso remoto podría explotar esta vulnerabilidad, lo que provocaría una ejecución remota.
References	~~() https://www.dell.com/support/kbdoc/en-us/000297463/dsa-2025-123-security-update-for-dell-chassis-management-controller-firmware-for-dell-poweredge-fx2-and-vrtx-vulnerabilities -~~	() https://www.dell.com/support/kbdoc/en-us/000297463/dsa-2025-123-security-update-for-dell-chassis-management-controller-firmware-for-dell-poweredge-fx2-and-vrtx-vulnerabilities - Vendor Advisory
CPE		cpe:2.3:h:dell:chassis_management_controller_for_poweredge_fx2:-:::::::* cpe:2.3:h:dell:chassis_management_controller_for_poweredge_vrtx:-:::::::* cpe:2.3:o:dell:chassis_management_controller_for_poweredge_vrtx_firmware:::::::: cpe:2.3:o:dell:chassis_management_controller_for_poweredge_fx2_firmware::::::::

21 Mar 2025, 03:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-03-21 03:15

Updated : 2025-03-27 16:08

NVD link : CVE-2025-26336

Mitre link : CVE-2025-26336

CVE.ORG link : CVE-2025-26336

JSON object : View

Products Affected

dell

chassis_management_controller_for_poweredge_fx2_firmware
chassis_management_controller_for_poweredge_fx2
chassis_management_controller_for_poweredge_vrtx_firmware
chassis_management_controller_for_poweredge_vrtx

CWE

CWE-121

Stack-based Buffer Overflow

CWE-787

Out-of-bounds Write

8.3 /10