CVE-2025-26336
Published: 21 March 2025
Description
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Security Summary
CVE-2025-26336 is a stack-based buffer overflow (CWE-121, CWE-787) in Dell Chassis Management Controller (CMC) Firmware for Dell PowerEdge FX2 in versions prior to 2.40.200.202101130302 and for Dell PowerEdge VRTX in versions prior to 3.41.200.202209300499. Published on 2025-03-21, it carries a CVSS v3.1 base score of 8.3 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:H), a High severity rating.
An unauthenticated attacker with remote network access can exploit this vulnerability, which requires user interaction to trigger. Successful exploitation could lead to remote code execution, granting high confidentiality impact, low integrity impact, and high availability impact without changing scope.
Dell's security advisory DSA-2025-123 addresses this issue and related vulnerabilities in the Chassis Management Controller Firmware. It recommends updating to version 2.40.200.202101130302 or later for PowerEdge FX2 and 3.41.200.202209300499 or later for PowerEdge VRTX. Full details are available at https://www.dell.com/support/kbdoc/en-us/000297463/dsa-2025-123-security-update-for-dell-chassis-management-controller-firmware-for-dell-poweredge-fx2-and-vrtx-vulnerabilities.
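The practical check a defender wants from this advisory is whether a given chassis is still below the fixed firmware version. The script below is an added example, not Dell's code or part of the advisory; the hostnames and inventory rows are constructed sample data, and only the two fixed versions come from the page.

```python
# Added example (not from Dell's advisory): flag CMC firmware inventory entries
# that are below the fixed versions named in DSA-2025-123 for CVE-2025-26336.
# Inventory rows below are constructed sample data, not real hosts.

from typing import List, Tuple

# Fixed versions stated in the advisory, keyed by chassis model.
FIXED_VERSIONS = {
    "PowerEdge FX2": "2.40.200.202101130302",
    "PowerEdge VRTX": "3.41.200.202209300499",
}


def parse_version(v: str) -> Tuple[int, ...]:
    """Split a dotted CMC version into integer fields so comparison is numeric
    per field. Plain string comparison is wrong here: '2.5.0' would sort above
    '2.40.200.202101130302' because the character '5' is greater than '4'."""
    return tuple(int(part) for part in v.strip().split("."))


def is_vulnerable(model: str, version: str) -> bool:
    """True when the model is in scope and its firmware predates the fix.
    Models the advisory does not list are reported as not vulnerable.
    A truncated version such as '2.40' compares below the full fixed version,
    which errs on the side of flagging the host for a closer look."""
    fixed = FIXED_VERSIONS.get(model)
    if fixed is None:
        return False
    return parse_version(version) < parse_version(fixed)


def triage(inventory: List[Tuple[str, str, str]]) -> List[Tuple[str, str, str]]:
    """Return the (hostname, model, version) rows that still need the update."""
    return [row for row in inventory if is_vulnerable(row[1], row[2])]


# Constructed sample inventory: hostname, chassis model, running CMC version.
SAMPLE_INVENTORY = [
    ("cmc-fx2-01", "PowerEdge FX2", "2.30.100.202001010000"),    # below fix
    ("cmc-fx2-02", "PowerEdge FX2", "2.40.200.202101130302"),    # exactly fixed
    ("cmc-vrtx-01", "PowerEdge VRTX", "3.41.100.202201010000"),  # below fix
    ("cmc-vrtx-02", "PowerEdge VRTX", "3.50.0.202301010000"),    # newer than fix
    ("cmc-other-01", "Unlisted chassis (sample)", "1.0.0.0"),    # not in scope
]

if __name__ == "__main__":
    for host, model, ver in triage(SAMPLE_INVENTORY):
        print(f"{host}: {model} running {ver} is below fixed version "
              f"{FIXED_VERSIONS[model]}; apply the DSA-2025-123 update")
```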
Details
CWE(s): CWE-121 (Stack-based Buffer Overflow), CWE-787 (Out-of-bounds Write)
Affected Products: Dell Chassis Management Controller Firmware for Dell PowerEdge FX2 (versions prior to 2.40.200.202101130302) and for Dell PowerEdge VRTX (versions prior to 3.41.200.202209300499)
MITRE ATT&CK Enterprise Techniques: T1190 Exploit Public-Facing Application
Why these techniques?
Remote stack-based buffer overflow in network-accessible Chassis Management Controller firmware directly enables exploitation of a public-facing application for unauthenticated remote code execution.