Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-36588

Dell Unisphere for PowerMax, version(s) 10.2.0.x, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution.

Published

2026-01-22T16:16:07.050

Last Modified

2026-02-03T14:00:31.770

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 8.8 (HIGH)

Weaknesses

Type: Primary
CWE-89

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	dell	unisphere_for_powermax	< 9.2.4.19	Yes
Application	dell	unisphere_for_powermax_virtual_appliance	< 9.2.4.19	Yes

References

https://www.dell.com/support/kbdoc/en-us/000402262/dsa-2025-425-dell-powermaxos-dell-powermax-eem-dell-unisphere-for-powermax-dell-unisphere-for-powermax-virtual-appliance-dell-unisphere-360-dell-solutions-enabler-virtual-appliance-security-update-for-multiple-vulnerabilities Vendor Advisory ([email protected])