PT-2025-12718 · Netapp · Snapcenter

Published: 2025-03-24 · Updated: 2025-04-13 · CVE-2025-26512

CVSS v3.1: 9.9 (Critical)

Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: SnapCenter versions prior to 6.0.1P1 and 6.1P1

Description: A critical flaw in NetApp SnapCenter may allow an authenticated SnapCenter Server user to become an admin user on a remote system where a SnapCenter plug-in has been installed. The issue is not niche, because SnapCenter powers enterprise backups. The estimated number of potentially affected devices worldwide is not specified. There is no information about real-world incidents where this issue was exploited.

Recommendations: Update to version 6.0.1P1 or 6.1P1 to resolve the issue. As a temporary workaround, consider restricting access to the SnapCenter plug-in on remote systems until a patch is applied. Avoid using affected versions of the SnapCenter Server on systems where elevated privileges could be exploited.

Fix

LPE

Incorrect Privilege Assignment

Weakness Enumeration

Related Identifiers: CVE-2025-26512

Affected Products: Snapcenter