Vulnerabilities > CVE-2025-26336 - Stack-based Buffer Overflow vulnerability in Dell products

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

dell

CWE-121

critical

NVD

Published: 2025-03-21

Updated: 2025-03-27

Summary

Dell Chassis Management Controller Firmware for Dell PowerEdge FX2, version(s) prior to 2.40.200.202101130302, and Dell Chassis Management Controller Firmware for Dell PowerEdge VRTX version(s) prior to 3.41.200.202209300499, contain(s) a Stack-based Buffer Overflow vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Remote execution.

Vulnerable Configurations

Part	Description	Count
OS	Dell Dell Chassis Management Controller FOR Poweredge FX2 Firmware * Dell Chassis Management Controller FOR Poweredge Vrtx Firmware *	2
Hardware	Dell Dell Chassis Management Controller FOR Poweredge FX2 - Dell Chassis Management Controller FOR Poweredge Vrtx -	2

Common Weakness Enumeration (CWE)

CWE-121 - Stack-based Buffer Overflow

References

https://www.dell.com/support/kbdoc/en-us/000297463/dsa-2025-123-security-update-for-dell-chassis-management-controller-firmware-for-dell-poweredge-fx2-and-vrtx-vulnerabilities