CVE-2025-21102
Published: 08 January 2025
Description
Dell VxRail, versions 7.0.000 through 7.0.532, contain(s) a Plaintext Storage of a Password vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information exposure.
Security Summary
CVE-2025-21102 is a Plaintext Storage of a Password vulnerability affecting Dell VxRail in versions 7.0.000 through 7.0.532. Published on 2025-01-08, this issue corresponds to CWE-256 (Plaintext Storage of a Password) and CWE-522 (Insufficiently Protected Credentials), with a CVSS v3.1 base score of 7.5 (AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H).
A high-privileged attacker with local access could potentially exploit this vulnerability, leading to information exposure. The attack requires local access, high attack complexity, and high privileges, with no user interaction needed; successful exploitation changes scope and results in high impacts to confidentiality, integrity, and availability.
Dell has issued security advisory DSA-2025-027, detailed in KB article 000269793, providing a security update for this and multiple other vulnerabilities in VxRail. Practitioners should review the advisory at https://www.dell.com/support/kbdoc/en-us/000269793/dsa-2025-027-security-update-for-dell-vxrail-for-multiple-vulnerabilities?ref=emcadvisory_000269793_High_null for patching instructions and mitigation guidance.
Details
- CWE(s)