CVE-2025-36595

Dell Unisphere for PowerMax vApp, version(s) 9.2.4.x, contain(s) an Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Code execution.

CVSS v3 7.2 HIGH

7.2^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.dell.com/support/kbdoc/en-us/000337554/dsa-2025-235-dell-powermaxos-dell-powermax-eem-dell-unisphere-for-powermax-dell-unisphere-for-powermax-virtual-appliance-dell-unisphere-360-dell-solutions-enabler-and-dell-solutions-enabler-virtual-appliance-security-update-for-multiple-vulnerabilit

Configurations

No configuration.

History

30 Jun 2025, 18:38

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-06-27 14:15

Updated : 2025-06-30 18:38

NVD link : CVE-2025-36595

Mitre link : CVE-2025-36595

CVE.ORG link : CVE-2025-36595

JSON object : View

Products Affected

No product.

CWE

CWE-96

Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')

7.2 /10