CVE-2025-36595
Analyzed Analyzed - Analysis Complete
BaseFortify

Publication date: 2025-06-27

Last updated on: 2026-01-14

Assigner: Dell

Description
Dell Unisphere for PowerMax vApp, version(s) 9.2.4.x, contain(s) an Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Code execution.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-06-27
Last Modified
2026-01-14
Generated
2026-05-07
AI Q&A
2025-06-27
EPSS Evaluated
2026-05-05
NVD
CVE-2025-36595
EUVD
EUVD-2025-19348
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
dell solutions_enabler_virtual_appliance From 9.2.4.0 (inc) to 9.2.4.11 (exc)
dell unisphere_for_powermax_virtual_appliance From 9.2.4.0 (inc) to 9.2.4.17 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-96 The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes code syntax before inserting the input into an executable resource, such as a library, configuration file, or template.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability in Dell Unisphere for PowerMax vApp version 9.2.4.x is an Improper Neutralization of Directives in Statically Saved Code, also known as Static Code Injection. It allows a high privileged attacker with remote access to potentially execute arbitrary code on the affected system.


How can this vulnerability impact me? :

If exploited, this vulnerability could allow an attacker with high privileges and remote access to execute arbitrary code, potentially leading to full compromise of the affected system, including unauthorized data access, modification, or disruption of services.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart