CVE-2025-22397

Dell Integrated Dell Remote Access Controller 9, 14G versions prior to 7.00.00.181, 15G and 16G versions 6.10.80.00 through 7.20.10.50 and Dell Integrated Dell Remote Access Controller 10, 17G versions prior to 1.20.25.00, contain an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access.

CVSS v3 6.7 MEDIUM

6.7^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.2 / Impact : 5.5

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact LOW

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.dell.com/support/kbdoc/en-us/000384516/dsa-2025-376-security-update-for-dell-idrac9-and-idrac10-vulnerabilities	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:o:dell:idrac9_firmware::::::::
	cpe:2.3:o:dell:idrac9_firmware::::::::

cpe:2.3:h:dell:idrac9:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:dell:idrac10_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:idrac10:-:*:*:*:*:*:*:*

History

21 Jan 2026, 20:07

Type	Values Removed	Values Added
References	~~() https://www.dell.com/support/kbdoc/en-us/000384516/dsa-2025-376-security-update-for-dell-idrac9-and-idrac10-vulnerabilities -~~	() https://www.dell.com/support/kbdoc/en-us/000384516/dsa-2025-376-security-update-for-dell-idrac9-and-idrac10-vulnerabilities - Vendor Advisory
CPE		cpe:2.3:o:dell:idrac9_firmware:::::::: cpe:2.3:o:dell:idrac10_firmware:::::::: cpe:2.3:h:dell:idrac10:-:::::::* cpe:2.3:h:dell:idrac9:-:::::::*
First Time		Dell idrac10 Dell idrac9 Firmware Dell Dell idrac10 Firmware Dell idrac9

06 Nov 2025, 19:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-11-06 19:15

Updated : 2026-01-21 20:07

NVD link : CVE-2025-22397

Mitre link : CVE-2025-22397

CVE.ORG link : CVE-2025-22397

JSON object : View

Products Affected

dell

idrac10_firmware
idrac9
idrac10
idrac9_firmware

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

{"id": "CVE-2025-22397", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security_alert@emc.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.7, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.5, "exploitabilityScore": 1.2}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.2}]}, "published": "2025-11-06T19:15:41.153", "references": [{"url": "https://www.dell.com/support/kbdoc/en-us/000384516/dsa-2025-376-security-update-for-dell-idrac9-and-idrac10-vulnerabilities", "tags": ["Vendor Advisory"], "source": "security_alert@emc.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "security_alert@emc.com", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "Dell Integrated Dell Remote Access Controller 9, 14G versions prior to 7.00.00.181, 15G and 16G versions 6.10.80.00 through 7.20.10.50 and Dell Integrated Dell Remote Access Controller 10, 17G versions prior to 1.20.25.00, contain an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access."}], "lastModified": "2026-01-21T20:07:45.430", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:dell:idrac9_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AFA88EBF-1790-472B-BCF7-6D0C52AE8FBD", "versionEndExcluding": "7.00.00.181", "versionStartIncluding": "6.10.80.00"}, {"criteria": "cpe:2.3:o:dell:idrac9_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5FD8EDE3-C72D-40B8-9260-DC8A00748F0B", "versionEndExcluding": "7.20.10.50", "versionStartIncluding": "7.00.00.183"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:dell:idrac9:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "BD8B684E-092F-496C-9D94-51CCD1F3575A"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:dell:idrac10_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0362FAE2-88A8-4FB0-B985-BD8FE569D214", "versionEndExcluding": "1.20.25.00"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:dell:idrac10:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5BFCEF7B-7BE5-49C4-9206-C8417174E313"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "security_alert@emc.com"}