CVE-2025-26512

Published Mar 24, 2025

Last updated 2 months ago

CVSS critical 9.9

Overview

Description
SnapCenter versions prior to 6.0.1P1 and 6.1P1 are susceptible to a vulnerability which may allow an authenticated SnapCenter Server user to become an admin user on a remote system where a SnapCenter plug-in has been installed.
Source
security-alert@netapp.com
NVD status
Analyzed
Products
snapcenter

Risk scores

CVSS 3.1

Type
Secondary
Base score
9.9
Impact score
6
Exploitability score
3.1
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Severity
CRITICAL

Weaknesses

security-alert@netapp.com
CWE-266
nvd@nist.gov
NVD-CWE-noinfo

Social media

Hype score
Not currently trending

  1. 🚨 ثغرة أمنية خطيرة في برنامج SnapCenter من شركة NetApp (CVE-2025-26512) تهدد الأنظمة الحساسة! 🛡️ تحديثات مهمة للحماية وتبني ممارسات أمنية. كيف يمكن تعزيز القوانين؟ 🔗 للتفاصيل: https://t.co/qXDZQqkQ2c #الأمن_السيبراني #NetApp

    @CYBRAT_NET

    30 Mar 2025

    20 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. CISA e NetApp: malware RESURGE e vulnerabilità critiche in SnapCenter Sicurezza Informatica, buffer overflow, cisa, Coreboot, CVE-2025-0282, CVE-2025-26512, escalation, Ivanti, malware, MAR, NetApp, RESURGE, SnapCenter, vulnerabilità https://t.co/eDJQzjAuYg https://t.co/Ci65OtBxB

    @matricedigitale

    29 Mar 2025

    24 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. NetApp Critical 9.9 Vulnerability SnapCenter CVE-2025-26512 Privilege Escalation Vulnerability in SnapCenter https://t.co/hYs6XCffNA https://t.co/SAwcJ1stU9

    @_CYOPS

    27 Mar 2025

    17 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. A critical vulnerability, CVE-2025-26512, in NetApp SnapCenter allows privilege escalation for authenticated users on versions before 6.0.1P1 and 6.1P1. CVSS score: 9.9. 🚨 #NetApp #SecurityFlaw #USA link: https://t.co/pFZBRvLqfi https://t.co/vmGJSa0LiZ

    @TweetThreatNews

    27 Mar 2025

    31 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. 🚨 One click from insider to admin? A critical flaw in NetApp SnapCenter (CVE-2025-26512, CVSS 9.9) lets authenticated users escalate privileges to full admin—on remote systems. SnapCenter powers enterprise backups—this isn’t niche, it’s everywhere. 🔗Read: https://t.co/tol3wW

    @TheHackersNews

    27 Mar 2025

    12641 Impressions

    39 Retweets

    107 Likes

    14 Bookmarks

    2 Replies

    1 Quote

  6. A critical privilege escalation vulnerability (CVE-2025-26512) with a CVSS score of 9.9 affects NetApp SnapCenter versions <6.0.1P1 & <6.1P1. Updates available via NetApp Support. 🛡️ #NetApp #DataSecurity #USA link: https://t.co/uoHzZODVdc https://t.co/AiNaBIXbIN

    @TweetThreatNews

    26 Mar 2025

    99 Impressions

    1 Retweet

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  7. 🚨 CVE-2025-26512 ⚠️🔴 CRITICAL (9.9) 🏢 NetApp - SnapCenter 🏗️ 0 🔗 https://t.co/mxvnmYtzjs #CyberCron #VulnAlert #InfoSec https://t.co/h7d9wBDxFz

    @cybercronai

    26 Mar 2025

    11 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. CVE-2025-26512 03/24/2025 10:15:13 PM BaseSeverity: CRITICAL SnapCenter versions prior to 6.0.1P1 and 6.1P1 are susceptible to a vulnerability which may allow an authenticated SnapCenter Server user to become an admin u... https://t.co/rdaDWAgsgz

    @CVETracker

    25 Mar 2025

    11 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. [CVE-2025-26512: CRITICAL] SnapCenter versions before 6.0.1P1 and 6.1P1 have a vulnerability allowing an authenticated user to elevate permissions on a remote system with the plug-in installed.#cybersecurity,#vulnerability https://t.co/Em1hjAk2b8 https://t.co/OYtZKbvvZY

    @CveFindCom

    24 Mar 2025

    21 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. CVE-2025-26512 SnapCenter versions prior to 6.0.1P1 and 6.1P1 are susceptible to a vulnerability which may allow an authenticated SnapCenter Server user to become an admin user on… https://t.co/LUr2lLAIsW

    @CVEnew

    24 Mar 2025

    392 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

Related CVEs

  1. Vulnerability in the MySQL Client product of Oracle MySQL (component: Client: mysqldump). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Client accessible data as well as unauthorized update, insert or delete access to some of MySQL Client accessible data. CVSS 3.1 Base Score 5.9 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N).CVE-2025-30722
  2. Uncontrolled Resource Consumption vulnerability in Apache Commons IO. The org.apache.commons.io.input.XmlStreamReader class may excessively consume CPU resources when processing maliciously crafted input. This issue affects Apache Commons IO: from 2.0 before 2.14.0. Users are recommended to upgrade to version 2.14.0 or later, which fixes the issue.CVE-2024-47554
  3. SnapCenter versions prior to 5.0p1 are susceptible to a vulnerability which could allow an authenticated attacker to discover plaintext credentials.CVE-2024-21993
  4. Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Thread Pooling). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).CVE-2024-21102
  5. Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.5.33 and prior, 7.6.29 and prior, 8.0.36 and prior and 8.3.0 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Cluster. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Cluster accessible data. CVSS 3.1 Base Score 2.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N).CVE-2024-21101

References

Sources include official advisories and independent security research.