CVE-2025-36581

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-36581
Dell PowerEdge Platform version(s) 14G AMD BIOS v1.25.0 and prior, contain(s) an Access of Memory Location After End of Buffer vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information exposure.

3.8 /10

CVSS v3 : LOW

V3 Legend

Vector :

Exploitability : 2.0 / Impact : 1.4

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope CHANGED

References
Link Resource
https://www.dell.com/support/kbdoc/en-us/000356405/dsa-2025-299-security-update-for-dell-poweredge-server-bios-for-an-access-of-memory-location-after-end-of-buffer-vulnerability Vendor Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:dell:poweredge_r6415_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_r6415:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:dell:poweredge_r7415_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_r7415:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:dell:poweredge_r7425_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_r7425:-:*:*:*:*:*:*:*
History

14 Jan 2026, 17:55

Type Values Removed Values Added
First Time Dell poweredge R7425
Dell poweredge R6415 Firmware
Dell poweredge R7415
Dell poweredge R7425 Firmware
Dell poweredge R6415
Dell
Dell poweredge R7415 Firmware
CPE cpe:2.3:h:dell:poweredge_r6415:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_r7415:-:*:*:*:*:*:*:*
cpe:2.3:o:dell:poweredge_r7425_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:dell:poweredge_r7415_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_r7425:-:*:*:*:*:*:*:*
cpe:2.3:o:dell:poweredge_r6415_firmware:*:*:*:*:*:*:*:*
References () https://www.dell.com/support/kbdoc/en-us/000356405/dsa-2025-299-security-update-for-dell-poweredge-server-bios-for-an-access-of-memory-location-after-end-of-buffer-vulnerability - () https://www.dell.com/support/kbdoc/en-us/000356405/dsa-2025-299-security-update-for-dell-poweredge-server-bios-for-an-access-of-memory-location-after-end-of-buffer-vulnerability - Vendor Advisory
Summary
  • (es) Las versiones 14G AMD BIOS v1.25.0 y anteriores de la plataforma Dell PowerEdge contienen una vulnerabilidad de acceso a la ubicación de memoria tras el fin del búfer. Un atacante con pocos privilegios y acceso local podría explotar esta vulnerabilidad, lo que provocaría la exposición de información.
CWE CWE-119

14 Aug 2025, 14:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-08-14 14:15

Updated : 2026-01-14 17:55

NVD link : CVE-2025-36581

Mitre link : CVE-2025-36581

CVE.ORG link : CVE-2025-36581

JSON object : View

Products Affected

dell

  • poweredge_r7425
  • poweredge_r7425_firmware
  • poweredge_r7415
  • poweredge_r6415
  • poweredge_r6415_firmware
  • poweredge_r7415_firmware
CWE
CWE-788

Access of Memory Location After End of Buffer

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer