CVEFinder.io

CVE-2025-26512

⛔ critical
🔍 Scan for this CVE
Summary

SnapCenter versions prior to 6.0.1P1 and 6.1P1 are susceptible to a vulnerability which may allow an authenticated SnapCenter Server user to become an admin user on a remote system where a SnapCenter plug-in has been installed.

CVSS Score
9.9
Critical
EPSS Score
0.1
Exploit Probability
Published Date
2025-03-24
First Seen: 2026-01-05
📊 Relative Risk Intelligence

This CVE is Extremely High Risk - more severe than 98.1% of all 329,456 vulnerabilities in our database.

#6,257
Top 5% most severe
Severity Percentile
🎯 CISA SSVC Assessment Updated: Mar 25, 2025
🔍 Exploitation Status
None
No known exploits
⚙️ Automatable
NO
Requires human interaction
💥 Technical Impact
Total
Complete system compromise possible
SSVC data provided by CISA
Last Modified 2026-01-16
Source NVD 🔗
CVSS Vector 3.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CWE IDs (Weakness Types)
CWE-266

📦 Affected Products 3

Vendor Product Status Affected Versions
netapp snapcenter Affected
< 6.0.1
netapp snapcenter Affected
v6.0.1
netapp snapcenter Affected
v6.1

🔗 References 2

https://security.netapp.com/advisory/NTAP-20250324-0001
Vendor Advisory
https://security.netapp.com/advisory/ntap-20250324-0...
Vendor Advisory

🔗 Related CVEs 6

CVE ID Severity CVSS EPSS Summary Published
CVE-2025-21583 🔶 medium 4.9 0.1 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affecte... 2025-04-15
CVE-2025-30722 🔶 medium 5.3 0.1 Vulnerability in the MySQL Client product of Oracle MySQL (component: Client: mysqldump). Supported versions that are a... 2025-04-15
CVE-2024-47554 🔶 medium 4.3 0.2 Uncontrolled Resource Consumption vulnerability in Apache Commons IO. The org.apache.commons.io.input.XmlStreamReader c... 2024-10-03
CVE-2024-21993 🔶 medium 5.7 0.1 SnapCenter versions prior to 5.0p1 are susceptible to a vulnerability which could allow an authenticated attacker to di... 2024-07-09
CVE-2024-20993 🔶 medium 4.9 0.2 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are a... 2024-04-16
CVE-2024-20994 🔶 medium 5.3 0.4 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions t... 2024-04-16
These CVEs affect the same products