Primary

Context

Dell Unisphere for PowerMax SQL Injection Vulnerability Allowing Command Execution

Vulnerability

Patched

A SQL injection vulnerability has been identified in Dell Unisphere for PowerMax, specifically in version 10.2.0.x. This vulnerability arises from improper neutralization of special elements used in SQL commands, allowing low-privileged attackers with remote access to potentially exploit the issue and execute commands.

Impact

Exploitation of this vulnerability could lead to unauthorized command execution on the affected system.

Remediation

Users can upgrade to version 9.2.4.19 or later. For Unisphere for PowerMax Virtual Appliance, version 9.2.4.19 or later is recommended. For Unisphere 360, version 9.2.4.41 or later is advised. Dell PowerMax EEM users should contact customer support and request the DSA-2025-425 update.

Added: Jan 22, 2026, 4:24 PM

Updated: Jan 22, 2026, 4:24 PM

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

10.0

exploitability

4.9

remediation

7.7

relevance

2.3

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

10.0

exploitability

4.9

remediation

7.7

relevance

2.3

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Dell Unisphere for PowerMax SQL Injection Vulnerability Allowing Command Execution

Vulnerability

Impact

Remediation

Affected Products

Dell Unisphere for PowerMax

Dell Unisphere for PowerMax Virtual Appliance

Dell Solutions Enabler Virtual Appliance

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating