PT-2025-12391 · Dell · Dell Chassis Management Controller Firmware

Published: 2025-03-20 · Updated: 2025-03-27 · CVE-2025-26336

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Dell Chassis Management Controller Firmware for Dell PowerEdge FX2 versions prior to 2.40.200.202101130302
Dell Chassis Management Controller Firmware for Dell PowerEdge VRTX versions prior to 3.41.200.202209300499

Description

The issue is a stack-based buffer overflow vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to remote execution.

Recommendations

For Dell Chassis Management Controller Firmware for Dell PowerEdge FX2 versions prior to 2.40.200.202101130302, update to version 2.40.200.202101130302 or later.
For Dell Chassis Management Controller Firmware for Dell PowerEdge VRTX versions prior to 3.41.200.202209300499, update to version 3.41.200.202209300499 or later.

Fix

RCE

Memory Corruption

Stack Overflow


Weakness Enumeration

Related Identifiers

BDU:2025-03221
CVE-2025-26336

Affected Products

Dell Chassis Management Controller Firmware