PT-2026-20435 · Opentext · Opentext Directory Services

Published

2026-02-18

Updated

2026-02-27

CVE-2025-15579

CVSS v4.0

9.5

Critical

Vector

AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:P/AU:Y/R:U/V:C/RE:M/U:Red

Name of the Vulnerable Software and Affected Versions OpenText Directory Services versions 10.5 through 26.1

Description The software contains a flaw related to the deserialization of untrusted data, which allows for object injection. Successful exploitation of this issue could result in remote code execution, denial of service, or privilege escalation.

Recommendations Update OpenText Directory Services to a version later than 26.1.

Fix

LPE

RCE

DoS

Deserialization of Untrusted Data

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-502

Related Identifiers

CVE-2025-15579

Affected Products

Opentext Directory Services

PT-2026-20435 · Opentext · Opentext Directory Services

CVE-2025-15579

Weakness Enumeration

Related Identifiers

Affected Products

References · 7