CVE-2025-26336: Dell Chassis Management Controller Firmware for Dell PowerEdge FX2, version(s) prior to 2.40.200.202101130302, and Dell Chassis Management...
Description
Dell Chassis Management Controller Firmware for Dell PowerEdge FX2, version(s) prior to 2.40.200.202101130302, and Dell Chassis Management Controller Firmware for Dell PowerEdge VRTX version(s) prior to 3.41.200.202209300499, contain(s) a Stack-based Buffer Overflow vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Remote execution.
Classification
CVE ID: CVE-2025-26336
CVSS Base Severity: HIGH
CVSS Base Score: 8.3
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:H
Problem Types
CWE-121: Stack-based Buffer OverflowAffected Products
Vendor: Dell, Dell
Product: Dell Chassis Management Controller (CMC) for Dell PowerEdge FX2, Dell Chassis Management Controller (CMC) for PowerEdge VRTX
Exploit Prediction Scoring System (EPSS)
EPSS Score: 0.06% (probability of being exploited)
EPSS Percentile: 20.17% (scored less or equal to compared to others)
EPSS Date: 2025-04-18 (when was this score calculated)
References
https://nvd.nist.gov/vuln/detail/CVE-2025-26336https://www.dell.com/support/kbdoc/en-us/000297463/dsa-2025-123-security-update-for-dell-chassis-management-controller-firmware-for-dell-poweredge-fx2-and-vrtx-vulnerabilities