CVE-2025-36581

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-36581
Dell PowerEdge Platform version(s) 14G AMD BIOS v1.25.0 and prior, contain(s) an Access of Memory Location After End of Buffer vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information exposure.

3.8 /10

CVSS v3 : LOW

V3 Legend

Vector :

Exploitability : 2.0 / Impact : 1.4

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope CHANGED

References
Link Resource
https://www.dell.com/support/kbdoc/en-us/000356405/dsa-2025-299-security-update-for-dell-poweredge-server-bios-for-an-access-of-memory-location-after-end-of-buffer-vulnerability Vendor Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:dell:poweredge_r6415_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_r6415:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:dell:poweredge_r7415_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_r7415:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:dell:poweredge_r7425_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_r7425:-:*:*:*:*:*:*:*
History

14 Jan 2026, 17:55

Type Values Removed Values Added
Summary
  • (es) Las versiones 14G AMD BIOS v1.25.0 y anteriores de la plataforma Dell PowerEdge contienen una vulnerabilidad de acceso a la ubicación de memoria tras el fin del búfer. Un atacante con pocos privilegios y acceso local podría explotar esta vulnerabilidad, lo que provocaría la exposición de información.
CWE CWE-119
First Time Dell poweredge R7425
Dell poweredge R6415 Firmware
Dell poweredge R7415
Dell poweredge R7425 Firmware
Dell poweredge R6415
Dell
Dell poweredge R7415 Firmware
CPE cpe:2.3:h:dell:poweredge_r6415:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_r7415:-:*:*:*:*:*:*:*
cpe:2.3:o:dell:poweredge_r7425_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:dell:poweredge_r7415_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_r7425:-:*:*:*:*:*:*:*
cpe:2.3:o:dell:poweredge_r6415_firmware:*:*:*:*:*:*:*:*
References () https://www.dell.com/support/kbdoc/en-us/000356405/dsa-2025-299-security-update-for-dell-poweredge-server-bios-for-an-access-of-memory-location-after-end-of-buffer-vulnerability - () https://www.dell.com/support/kbdoc/en-us/000356405/dsa-2025-299-security-update-for-dell-poweredge-server-bios-for-an-access-of-memory-location-after-end-of-buffer-vulnerability - Vendor Advisory

14 Aug 2025, 14:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-08-14 14:15

Updated : 2026-01-14 17:55

NVD link : CVE-2025-36581

Mitre link : CVE-2025-36581

CVE.ORG link : CVE-2025-36581

JSON object : View

Products Affected

dell

  • poweredge_r7425
  • poweredge_r7425_firmware
  • poweredge_r7415
  • poweredge_r6415
  • poweredge_r6415_firmware
  • poweredge_r7415_firmware
CWE
CWE-788

Access of Memory Location After End of Buffer

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer