CVE-2025-38742

Dell iDRAC Service Module (iSM), versions prior to 6.0.3.0, contains an Incorrect Permission Assignment for Critical Resource vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution.

CVSS v3 5.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.4

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://www.dell.com/support/kbdoc/en-us/000359617/dsa-2025-311-security-update-for-dell-idrac-service-module-vulnerabilities

Configurations

No configuration.

History

22 Aug 2025, 18:08

Type	Values Removed	Values Added
Summary		(es) Dell iDRAC Service Module (iSM), versiones anteriores a la 6.0.3.0, presenta una vulnerabilidad de asignación incorrecta de permisos para recursos críticos. Un atacante con pocos privilegios y acceso local podría explotar esta vulnerabilidad, lo que provocaría la ejecución de código.

21 Aug 2025, 19:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-08-21 19:15

Updated : 2025-08-22 18:08

NVD link : CVE-2025-38742

Mitre link : CVE-2025-38742

CVE.ORG link : CVE-2025-38742

JSON object : View

Products Affected

No product.

CWE

CWE-732

Incorrect Permission Assignment for Critical Resource

5.3 /10