CVE-2025-26512
Published: 24 March 2025
Summary
CVE-2025-26512 is a critical-severity Incorrect Privilege Assignment (CWE-266) vulnerability in Netapp Snapcenter. Its CVSS base score is 9.9 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 18.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Timely flaw remediation through upgrading to SnapCenter 6.0.1P1 or 6.1P1 directly resolves the privilege escalation vulnerability as recommended by the vendor advisory.
Least privilege enforcement directly counters the CWE-266 incorrect privilege assignment allowing low-privilege authenticated users to gain admin access on remote plug-in hosts.
Access enforcement mechanisms ensure approved authorizations prevent authenticated users from escalating privileges to admin level on remote systems with SnapCenter plug-ins.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The CVE explicitly describes a privilege escalation vulnerability (CWE-266) allowing an authenticated low-privilege user on the SnapCenter Server to gain administrative privileges on remote systems with SnapCenter plug-ins installed, directly enabling exploitation for privilege escalation.
NVD Description
SnapCenter versions prior to 6.0.1P1 and 6.1P1 are susceptible to a vulnerability which may allow an authenticated SnapCenter Server user to become an admin user on a remote system where a SnapCenter plug-in has been installed.
Deeper analysisAI
CVE-2025-26512 is a privilege escalation vulnerability affecting NetApp SnapCenter versions prior to 6.0.1P1 and 6.1P1. It enables an authenticated user on the SnapCenter Server to gain administrative privileges on a remote system where a SnapCenter plug-in is installed. The issue is associated with CWE-266 (Incorrect Privilege Assignment) and carries a CVSS v3.1 base score of 9.9 (AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H), classifying it as critical due to its network accessibility, low complexity, and high impacts across confidentiality, integrity, and availability.
An attacker requires only low-privilege authenticated access to the SnapCenter Server to exploit this vulnerability remotely without user interaction. Exploitation allows the attacker to elevate their privileges to administrator level on remote hosts running SnapCenter plug-ins, potentially enabling full control over those systems in a cross-scope attack.
NetApp security advisories (NTAP-20250324-0001), available at https://security.netapp.com/advisory/ntap-20250324-0001/ and https://security.netapp.com/advisory/NTAP-20250324-0001, detail mitigation steps, with upgrading to SnapCenter 6.0.1P1 or 6.1P1 resolving the issue in affected versions.
Details
- CWE(s)