Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
6DescriptionCVE.org
Dell iDRAC Tools, version(s) prior to 11.3.0.0, contain(s) an Improper Access Control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.
AnalysisAI
Dell iDRAC Tools versions prior to 11.3.0.0 contain an improper access control vulnerability (CWE-284) that allows low-privileged local attackers to escalate privileges without user interaction. The CVSS 7.8 score reflects high confidentiality, integrity, and availability impact. While no CVE-2025-27689 entry exists in public KEV catalogs or active exploitation databases at this time, the local attack vector with low complexity and low privilege requirements indicates this is a practical privilege escalation risk for organizations running vulnerable iDRAC Tool versions on multi-user systems.
Technical ContextAI
Dell iDRAC (Integrated Dell Remote Access Controller) Tools are out-of-band management utilities that provide administrative access to Dell servers. The vulnerability stems from improper access control mechanisms (CWE-284: Improper Access Control - Generic) in the iDRAC Tools software stack, likely in file permissions, capability checks, or authorization logic for privileged operations. CPE identification would target: cpe:2.3:a:dell:idrac_tools:*:*:*:*:*:*:*:* with versions <11.3.0.0. The root cause is insufficient validation of user privileges before executing high-privilege operations, allowing local privilege escalation (LPE) attacks where a standard user can trigger functionality reserved for administrators.
Same weakness CWE-284 – Improper Access Control
View allSame technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-18220