
A critical security flaw has been disclosed in NetApp SnapCenter that, if successfully exploited, could allow privilege escalation.
SnapCenter is enterprise-centric software used to manage data protection across applications, databases, virtual machines and file systems, providing the ability to back up, restore, and clone data resources.

The vulnerability, tracked as CVE-2025-26512, carries a CVSS score of 9.9 out of a maximum of 10.0.
“SnapCenter versions prior to 6.0.1p1 and 6.1p1 are susceptible to vulnerabilities that allow authenticated SnapCenter server users to become administrator users on remote systems where the SnapCenter plugin is installed.”
CVE-2025-26512 is addressed in SnapCenter versions 6.0.1p1 and 6.1p1. There are currently no workarounds to address the issue.
Although there is no evidence that the flaw has been exploited in the wild, it is essential that organizations apply the latest updates to protect against potential threats.