CVE-2025-26512
CRITICALSnapCenter < 6.0.1P1 and < 6.1P1 - Authenticated Privilege Escalation to Admin via Plug-in
Title source: llmDescription
SnapCenter versions prior to 6.0.1P1 and 6.1P1 are susceptible to a vulnerability which may allow an authenticated SnapCenter Server user to become an admin user on a remote system where a SnapCenter plug-in has been installed.
References (2)
Core 2
Core References
Vendor Advisory
https://security.netapp.com/advisory/NTAP-20250324-0001
Vendor Advisory
https://security.netapp.com/advisory/ntap-20250324-0001/
Scores
CVSS v3
9.9
EPSS
0.0006
EPSS Percentile
18.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-266
Status
published
Products (3)
netapp/snapcenter
6.0.1
netapp/snapcenter
6.1
netapp/snapcenter
< 6.0.1
Published
Mar 24, 2025
Tracked Since
Feb 18, 2026