CVE-2025-26336
 
Severity Score: 8.3 (CVSS v3.1)
Public Exploits: 0 (Multiple Sources)
Exploited in Wild: - (KEV)
Decision: Track* (SSVC)
Descriptions
Dell Chassis Management Controller Firmware for Dell PowerEdge FX2, versions prior to 2.40.200.202101130302, and Dell Chassis Management Controller Firmware for Dell PowerEdge VRTX, versions prior to 3.41.200.202209300499, contain a Stack-based Buffer Overflow vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to remote execution.
Credits: Dell would like to thank Aliz Hammond of watchTowr for reporting these issues.
SSVC
- Decision: Track*
* Organization's Worst-case Scenario
Timeline
- 2025-02-07 CVE Reserved
- 2025-03-21 CVE Published
- 2025-03-21 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-121: Stack-based Buffer Overflow
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Dell | Dell Chassis Management Controller (CMC) For Dell PowerEdge FX2 | < 2.40.200.202101130302 | en | Affected |
Dell | Dell Chassis Management Controller (CMC) For PowerEdge VRTX | < 3.41.200.202209300499 | en | Affected |