CVE-2025-26512

CRITICAL

Netapp Snapcenter < 6.0.1 - Incorrect Privilege Assignment

Title source: rule

Description

SnapCenter versions prior to 6.0.1P1 and 6.1P1 are susceptible to a vulnerability which may allow an authenticated SnapCenter Server user to become an admin user on a remote system where a SnapCenter plug-in has been installed.

References (2)

[Vendor Advisory] https://security.netapp.com/advisory/NTAP-20250324-0001

[Vendor Advisory] https://security.netapp.com/advisory/ntap-20250324-0001/

Scores

CVSS v3 9.9

EPSS 0.0012

EPSS Percentile 30.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Classification

CWE

CWE-266

Status published

Affected Products (3)

netapp/snapcenter < 6.0.1

netapp/snapcenter

Timeline

Published Mar 24, 2025

Tracked Since Feb 18, 2026