Cyber Resilience

CVE-2025-21111

High

Published: 08 January 2025
Modified: 24 January 2025
CVSS Score (v3.1): 7.5 (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H)
EPSS Score: 0.0006 (17.7th percentile)
Risk Priority: 15 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-21111 is a high-severity Plaintext Storage of a Password (CWE-256) vulnerability in Dell Vxrail D560 Firmware. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Credentials In Files (T1552.001). The CVE is ranked at the 17.7th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 IA-5 (Authenticator Management) and SC-28 (Protection of Information at Rest).

Deeper analysis

CVE-2025-21111 is a Plaintext Storage of a Password vulnerability affecting Dell VxRail systems in versions 8.0.000 through 8.0.311. This flaw, mapped to CWE-256 (Plaintext Storage of a Password) and CWE-522 (Insufficiently Protected Credentials), involves the insecure storage of sensitive credentials in plaintext within the affected component.

A high-privileged attacker with local access could potentially exploit this vulnerability, as indicated by its CVSS v3.1 base score of 7.5 (AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H). Successful exploitation would lead to information exposure, with high impacts on confidentiality, integrity, and availability; the changed scope (S:C) means the impact can extend beyond the vulnerable component itself.

Dell has issued DSA-2025-025, a security update addressing multiple vulnerabilities in VxRail, including CVE-2025-21111. Practitioners should refer to the advisory at https://www.dell.com/support/kbdoc/en-us/000269958/dsa-2025-025-security-update-for-dell-vxrail-for-multiple-vulnerabilities for details on patches and mitigation steps.

Vulnerability details

Dell VxRail, versions 8.0.000 through 8.0.311, contain(s) a Plaintext Storage of a Password vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information exposure.

Related Threats

MITRE ATT&CK Enterprise Techniques

T1552.001 Credentials In Files (Credential Access)
Adversaries may search local file systems and remote file shares for files containing insecurely stored credentials.
Why these techniques?

Plaintext credential storage (CWE-256/522) directly enables local high-privileged reading of credentials from files, mapping to Unsecured Credentials: Credentials In Files.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-21102 (same product: Dell Vxrail D560)
CVE-2026-21417 (same vendor: Dell)
CVE-2026-23775 (same vendor: Dell)
CVE-2024-48831 (same vendor: Dell)
CVE-2025-36568 (same vendor: Dell)
CVE-2026-35155 (same vendor: Dell)
CVE-2026-28261 (same vendor: Dell)
CVE-2026-40636 (same vendor: Dell)
CVE-2026-21660 (shared CWE-256, CWE-522)
CVE-2025-21105 (same vendor: Dell)

Affected Assets

Vendor | Product | Affected versions
dell | vxrail d560 firmware | 8.0.000 — 8.320
dell | vxrail d560f firmware | 8.0.000 — 8.320
dell | vxrail e460 firmware | 8.0.000 — 8.320
dell | vxrail e560 firmware | 8.0.000 — 8.320
dell | vxrail e560 vcf firmware | 8.0.000 — 8.320
dell | vxrail e560f firmware | 8.0.000 — 8.320
dell | vxrail e560f vcf firmware | 8.0.000 — 8.320
dell | vxrail e560n firmware | 8.0.000 — 8.320
dell | vxrail e560n vcf firmware | 8.0.000 — 8.320
dell | vxrail e660 firmware | 8.0.000 — 8.320
+32 more product configuration(s) — see NVD for the full list

Mitigating Controls (NIST 800-53 r5)

Prevent: IA-5 mandates cryptographic protection for stored authenticators like passwords, directly preventing plaintext storage vulnerabilities like CVE-2025-21111.

Prevent: SC-28 requires cryptographic mechanisms to protect sensitive information at rest, comprehensively mitigating exposure of plaintext-stored passwords.

Prevent: SI-2 ensures timely identification, reporting, and correction of flaws such as plaintext password storage, addressing the specific vulnerability via patching.
