Cyber Resilience

CVE-2025-27686

Low

Published: 07 April 2025

Modified: 12 January 2026
KEV Added
Patch
CVSS Score v3.1: 2.7 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L)
EPSS Score: 0.0015 (36.0th percentile)
Risk Priority: 5 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-27686 is a low-severity LDAP Injection (CWE-90) vulnerability in Dell Unisphere for PowerMax. Its CVSS base score is 2.7 (Low).

Operationally, it is ranked at the 36.0th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

Dell Unisphere for PowerMax, version(s) prior to 10.2.0.9 and PowerMax version(s) prior to PowerMax 9.2.4.15, contain an Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Script injection.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

dell
unisphere for powermax
≤ 9.2.4.15 · 10.0.0 — 10.2.0.9

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References