Vulnerability Monitor


CVE-2025-22397


Dell Integrated Dell Remote Access Controller 9, 14G versions prior to 7.00.00.181, 15G and 16G versions 6.10.80.00 through 7.20.10.50 and Dell Integrated Dell Remote Access Controller 10, 17G versions prior to 1.20.25.00, contain an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability. A high-privileged attacker with remote access could potentially exploit this vulnerability, leading to unauthorized access.


Published

2025-11-06T19:15:41.153

Last Modified

2026-01-21T20:07:45.430

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 6.7 (MEDIUM)

Weaknesses
  • Type: Secondary
    CWE-22

Affected Vendors & Products
Type             | Vendor | Product          | Version/Range | Vulnerable?
Operating System | dell   | idrac9_firmware  | < 7.00.00.181 | Yes
Operating System | dell   | idrac9_firmware  | < 7.20.10.50  | Yes
Hardware         | dell   | idrac9           | -             | No
Operating System | dell   | idrac10_firmware | < 1.20.25.00  | Yes
Hardware         | dell   | idrac10          | -             | No
