Skip to main content

Unisphere For Powermax Virtual Appliance CVE-2025-36589

HIGH
Improper Restriction of XML External Entity Reference (CWE-611)
2026-01-06 security_alert@emc.com
7.6
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.6 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
Low
Availability
Low

Lifecycle Timeline

2
Analysis Generated
Mar 12, 2026 - 21:54 vuln.today
CVE Published
Jan 06, 2026 - 17:15 nvd
HIGH 7.6

DescriptionCVE.org

Dell Unisphere for PowerMax, version(s) 9.2.4.x, contain(s) an Improper Restriction of XML External Entity Reference vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to unauthorized access to data and resources outside of the intended sphere of control.

AnalysisAI

Unisphere For Powermax versions up to 9.2.4.18 is affected by improper restriction of xml external entity reference (CVSS 7.6).

Technical ContextAI

This vulnerability (CWE-611: Improper Restriction of XML External Entity Reference) affects Unisphere For Powermax. Dell Unisphere for PowerMax, version(s) 9.2.4.x, contain(s) an Improper Restriction of XML External Entity Reference vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to unauthorized access to data and resources outside of the intended sphere of control.

RemediationAI

Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.

CVE-2025-36588 HIGH
8.8 Jan 22

Dell Unisphere for PowerMax, version(s) 10.2.0.x, contain(s) an Improper Neutralization of Special Elements used in an S

CVE-2024-25955 HIGH
8.8 Mar 28

Dell vApp Manager, versions prior to 9.2.4.9 contain a Command Injection Vulnerability. Rated high severity (CVSS 8.8),

CVE-2024-25946 HIGH
8.8 Mar 28

Dell vApp Manager, versions prior to 9.2.4.9 contain a Command Injection Vulnerability. Rated high severity (CVSS 8.8),

CVE-2022-31233 HIGH
8.0 Aug 31

Unisphere for PowerMax versions before 9.2.3.15 contain a privilege escalation vulnerability. Rated high severity (CVSS

CVE-2021-21531 HIGH
7.8 Apr 30

Dell Unisphere for PowerMax versions prior to 9.2.1.6 contain an Authorization Bypass Vulnerability. Rated high severity

CVE-2023-48671 HIGH
7.5 Dec 14

Dell vApp Manager, versions prior to 9.2.4.x contain an information disclosure vulnerability. Rated high severity (CVSS

CVE-2023-48660 HIGH
7.5 Dec 14

Dell vApp Manger, versions prior to 9.2.4.x contain an arbitrary file read vulnerability. Rated high severity (CVSS 7.5)

CVE-2025-36595 HIGH
7.2 Jun 27

A remote code execution vulnerability (CVSS 7.2). High severity vulnerability requiring prompt remediation.

CVE-2023-48665 HIGH
7.2 Dec 14

Dell vApp Manager, versions prior to 9.2.4.x contain a command injection vulnerability. Rated high severity (CVSS 7.2),

CVE-2023-48664 HIGH
7.2 Dec 14

Dell vApp Manager, versions prior to 9.2.4.x contain a command injection vulnerability. Rated high severity (CVSS 7.2),

CVE-2023-48663 HIGH
7.2 Dec 14

Dell vApp Manager, versions prior to 9.2.4.x contain a command injection vulnerability. Rated high severity (CVSS 7.2),

CVE-2023-48662 HIGH
7.2 Dec 14

Dell vApp Manager, versions prior to 9.2.4.x contain a command injection vulnerability. Rated high severity (CVSS 7.2),

Share

CVE-2025-36589 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy