CVE-2025-21111
Published: 08 January 2025
Description
Dell VxRail, versions 8.0.000 through 8.0.311, contain a Plaintext Storage of a Password vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information exposure.
Security Summary
CVE-2025-21111 is a Plaintext Storage of a Password vulnerability affecting Dell VxRail systems in versions 8.0.000 through 8.0.311. This flaw, mapped to CWE-256 (Plaintext Storage of a Password) and CWE-522 (Insufficiently Protected Credentials), involves the insecure storage of sensitive credentials in plaintext within the affected component.
Exploitation requires a high-privileged attacker with local access, and attack complexity is rated high, as reflected in the CVSS v3.1 base score of 7.5 (AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H). Successful exploitation would lead to information exposure. The vector rates the impact on confidentiality, integrity, and availability as high, with scope changed (S:C), meaning the impact can extend beyond the vulnerable component.
Dell has issued DSA-2025-025, a security update addressing multiple vulnerabilities in VxRail, including CVE-2025-21111. Practitioners should refer to the advisory at https://www.dell.com/support/kbdoc/en-us/000269958/dsa-2025-025-security-update-for-dell-vxrail-for-multiple-vulnerabilities for details on patches and mitigation steps.
Details
- CWE(s)