Skip to main content

Unisphere For Powermax Virtual Appliance CVE-2025-36588

HIGH
SQL Injection (CWE-89)
2026-01-22 security_alert@emc.com
8.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.8 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

2
Analysis Generated
Mar 12, 2026 - 21:54 vuln.today
CVE Published
Jan 22, 2026 - 16:16 nvd
HIGH 8.8

DescriptionCVE.org

Dell Unisphere for PowerMax, version(s) 10.2.0.x, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution.

AnalysisAI

Dell Unisphere for PowerMax, version(s) 10.2.0.x, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution. [CVSS 8.8 HIGH]

Technical ContextAI

Classified as CWE-89 (SQL Injection). Affects Unisphere For Powermax. Dell Unisphere for PowerMax, version(s) 10.2.0.x, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution.

RemediationAI

Monitor vendor advisories for a patch. Use parameterized queries. Implement input validation. Restrict network access to the affected service where possible.

CVE-2024-25955 HIGH
8.8 Mar 28

Dell vApp Manager, versions prior to 9.2.4.9 contain a Command Injection Vulnerability. Rated high severity (CVSS 8.8),

CVE-2024-25946 HIGH
8.8 Mar 28

Dell vApp Manager, versions prior to 9.2.4.9 contain a Command Injection Vulnerability. Rated high severity (CVSS 8.8),

CVE-2022-31233 HIGH
8.0 Aug 31

Unisphere for PowerMax versions before 9.2.3.15 contain a privilege escalation vulnerability. Rated high severity (CVSS

CVE-2021-21531 HIGH
7.8 Apr 30

Dell Unisphere for PowerMax versions prior to 9.2.1.6 contain an Authorization Bypass Vulnerability. Rated high severity

CVE-2025-36589 HIGH
7.6 Jan 06

Unisphere For Powermax versions up to 9.2.4.18 is affected by improper restriction of xml external entity reference (CVS

CVE-2023-48671 HIGH
7.5 Dec 14

Dell vApp Manager, versions prior to 9.2.4.x contain an information disclosure vulnerability. Rated high severity (CVSS

CVE-2023-48660 HIGH
7.5 Dec 14

Dell vApp Manger, versions prior to 9.2.4.x contain an arbitrary file read vulnerability. Rated high severity (CVSS 7.5)

CVE-2025-36595 HIGH
7.2 Jun 27

A remote code execution vulnerability (CVSS 7.2). High severity vulnerability requiring prompt remediation.

CVE-2023-48665 HIGH
7.2 Dec 14

Dell vApp Manager, versions prior to 9.2.4.x contain a command injection vulnerability. Rated high severity (CVSS 7.2),

CVE-2023-48664 HIGH
7.2 Dec 14

Dell vApp Manager, versions prior to 9.2.4.x contain a command injection vulnerability. Rated high severity (CVSS 7.2),

CVE-2023-48663 HIGH
7.2 Dec 14

Dell vApp Manager, versions prior to 9.2.4.x contain a command injection vulnerability. Rated high severity (CVSS 7.2),

CVE-2023-48662 HIGH
7.2 Dec 14

Dell vApp Manager, versions prior to 9.2.4.x contain a command injection vulnerability. Rated high severity (CVSS 7.2),

Share

CVE-2025-36588 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy