CVE-2025-36589
HIGH WAF: High
CVSS 7.1
Published: 2026-01-06
CWE-611
Dell Unisphere for PowerMax, version(s) 9.2.4.x, contain(s) an Improper Restriction of XML External Entity Reference vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to unauthorized access to data and resources outside of the intended sphere of control.
WAF Coverage Analysis
XML External Entity (XXE)
High WAF Coverage
OWASP: A05:2021 Security Misconfiguration
941xxx - XSS / XXE
Affected Software
| Vendor | Product | Version |
|---|---|---|
| dell | unisphere_for_powermax | 9.2.4.18 |
| dell | unisphere_for_powermax_virtual_appliance | 9.2.4.17 - 9.2.4.19 |
References
- www.dell.com (Vendor Advisory)