What is the severity of CVE-2023-25495?

The severity of CVE-2023-25495 is considered moderate, as it allows an authenticated administrative user to expose sensitive LDAP client passwords.

How do I fix CVE-2023-25495?

To fix CVE-2023-25495, update the firmware to versions later than 2.93_afbt30p or 3.72_tei388s based on your system model.

Which firmware versions are affected by CVE-2023-25495?

CVE-2023-25495 affects specific Lenovo ThinkAgile firmware versions including 2.93_afbt30p and 3.72_tei388s.

What are the impacts of CVE-2023-25495?

The impact of CVE-2023-25495 is the potential exposure of LDAP client passwords, leading to unauthorized access to systems relying on LDAP for authentication.

Who is vulnerable to CVE-2023-25495?

Organizations using vulnerable Lenovo ThinkAgile firmware versions with LDAP configuration are exposed to CVE-2023-25495.

Vulnerability/
CVE-2023-25495

medium

4.9

CWE

522

28/4/2023

30/1/2025

CVE-2023-25495

First published: Fri Apr 28 2023(Updated: )

A valid, authenticated administrative user can query a web interface API to reveal the configured LDAP client password used by XCC to authenticate to an external LDAP server in certain configurations. There is no exposure where no LDAP client password is configured

Credit: psirt@lenovo.com

Affected Software	Affected Version	How to fix
lenovo thinkagile hx5530 firmware	<2.93_afbt30p
lenovo thinkagile hx5530 firmware
Lenovo ThinkAgile HX7530 Firmware	<2.93_afbt30p
Lenovo ThinkAgile HX7530 Firmware
Lenovo ThinkAgile VX3331 Firmware	<2.93_afbt30p
Lenovo ThinkAgile VX3331 Firmware
Lenovo ThinkAgile HX Enclosure Firmware	<3.72_tei388s
Lenovo ThinkAgile HX Enclosure 7x81
Lenovo ThinkAgile HX1021 EDG Firmware	<3.72_tei388s
Lenovo ThinkAgile HX1021 Firmware
Lenovo ThinkAgile HX1320 Firmware	<8.88_cdi3a4a
Lenovo ThinkAgile HX1320 Firmware
Lenovo ThinkAgile HX1321 Firmware	<8.88_cdi3a4a
Lenovo ThinkAgile HX1321 Firmware
Lenovo ThinkAgile HX1331 Firmware	<2.93_afbt30p
Lenovo ThinkAgile HX1331 Firmware
Lenovo ThinkAgile HX1520-R Firmware	<8.88_cdi3a4a
Lenovo ThinkAgile HX1520-R Firmware
Lenovo ThinkAgile HX1521-R	<8.88_cdi3a4a
Lenovo ThinkAgile HX1521-R Firmware
Lenovo ThinkAgile HX2320-E Firmware	<8.88_cdi3a4a
Lenovo ThinkAgile HX2320-E Firmware
lenovo thinkagile hx2321 firmware	<8.88_cdi3a4a
Lenovo ThinkAgile HX2321
Lenovo ThinkAgile HX2330 Firmware	<2.93_afbt30p
Lenovo ThinkAgile HX2330 Firmware	=2.93_afbt30p
Lenovo ThinkAgile HX2330 Firmware
Lenovo ThinkAgile HX2331 Firmware	<2.93_afbt30p
Lenovo ThinkAgile HX2331 Firmware
Lenovo ThinkAgile HX2720-E Firmware	<3.72_tei388s
Lenovo ThinkAgile HX2720-E Firmware
Lenovo ThinkAgile HX3320 Firmware	<8.88_cdi3a4a
Lenovo ThinkAgile HX3320 Firmware
Lenovo ThinkAgile HX3321 Firmware	<8.88_cdi3a4a
Lenovo ThinkAgile HX3321 Firmware
Lenovo ThinkAgile HX3330 Firmware	<2.93_afbt30p
Lenovo ThinkAgile HX3330 Firmware
Lenovo ThinkAgile HX3331 Firmware	<2.93_afbt30p
Lenovo ThinkAgile HX3331 Firmware
Lenovo ThinkAgile HX3331 Firmware	<4.71_d8bt48p
lenovo thinkagile hx3375 firmware	<4.71_d8bt48p
Lenovo ThinkAgile HX3375
Lenovo ThinkAgile HX3376 Firmware	<8.88_cdi3a4a
Lenovo ThinkAgile HX3376 Firmware
Lenovo ThinkAgile HX3520-G Firmware	<8.88_cdi3a4a
Lenovo ThinkAgile HX3520-G
Lenovo ThinkAgile HX3521-G Firmware	<3.72_tei388s
Lenovo ThinkAgile HX3521-G Firmware
Lenovo ThinkAgile HX3720 Firmware	<3.72_tei388s
Lenovo ThinkAgile HX3720 Firmware
Lenovo ThinkAgile HX3721 Firmware	<8.88_cdi3a4a
Lenovo ThinkAgile HX3721 Firmware
Lenovo ThinkAgile HX5520 Firmware	<8.88_cdi3a4a
Lenovo ThinkAgile HX5520-C
Lenovo ThinkAgile HX5520-C Firmware	<8.88_cdi3a4a
Lenovo ThinkAgile HX5520
Lenovo ThinkAgile HX5521-C Firmware	<8.88_cdi3a4a
Lenovo ThinkAgile HX5521 Firmware
Lenovo ThinkAgile HX5521 Firmware	<2.93_afbt30p
Lenovo ThinkAgile HX5521
Lenovo ThinkAgile HX5531 Firmware	<8.88_cdi3a4a
Lenovo ThinkAgile HX5531 Firmware
lenovo thinkagile hx7520 firmware	<8.88_cdi3a4a
Lenovo ThinkAgile HX7520
Lenovo ThinkAgile HX7521 Firmware	<2.93_afbt30p
Lenovo ThinkAgile HX7521 Firmware
Lenovo ThinkAgile HX7531 Firmware	<2.93_afbt30p
Lenovo ThinkAgile HX7531 Firmware
Lenovo ThinkAgile HX7531 Firmware	<2.75_psi348s
Lenovo ThinkAgile HX7820 Firmware	<2.75_psi348s
Lenovo ThinkAgile HX7820 Firmware
Lenovo ThinkAgile HX7821 Firmware	<3.72_tei388s
Lenovo ThinkAgile HX7821
Lenovo ThinkAgile MX Edge - MX1020 Firmware	<2.93_afbt30p
Lenovo ThinkAgile MX Edge - MX1020
Lenovo ThinkAgile MX3330-F Firmware	<2.93_afbt30p
Lenovo ThinkAgile MX3330-F Firmware
Lenovo ThinkAgile MX3330-H Firmware	<2.93_afbt30p
Lenovo ThinkAgile MX3330-H Firmware
Lenovo ThinkAgile MX3331-F Firmware	<2.93_afbt30p
Lenovo ThinkAgile MX3331-F All-Flash
Lenovo ThinkAgile MX3331-H Firmware	<2.93_afbt30p
Lenovo ThinkAgile MX3331-H Firmware
Lenovo ThinkAgile MX3530 F Firmware	<2.93_afbt30p
Lenovo ThinkAgile MX3530 F Firmware
Lenovo ThinkAgile MX3530-H Firmware	<2.93_afbt30p
Lenovo ThinkAgile MX3530-H Firmware
Lenovo ThinkAgile MX3531 H Firmware	<2.93_afbt30p
Lenovo ThinkAgile MX3531 H Hybrid
Lenovo ThinkAgile MX3531-F	<3.72_tei388s
Lenovo ThinkAgile MX3531-F All-Flash
lenovo thinkagile mx1021 firmware	<3.72_tei388s
Lenovo ThinkAgile MX1021
Lenovo ThinkAgile VX 1SE Firmware	<3.72_tei388s
Lenovo ThinkAgile VX 1SE Firmware
Lenovo ThinkAgile VX 2U4N Firmware	<3.72_tei388s
Lenovo ThinkAgile VX 2U4N Firmware
Lenovo ThinkAgile VX 4U Firmware	<2.75_psi348s
Lenovo ThinkAgile VX 4U Firmware
Lenovo ThinkAgile Vx1320 Firmware	<3.72_tei388s
Lenovo ThinkAgile Vx1320 Firmware
Lenovo ThinkAgile Vx2320 Firmware	<8.88_cdi3a4a
Lenovo ThinkAgile Vx2320 Firmware
Lenovo ThinkAgile VX2330 Firmware	<2.93_afbt30p
Lenovo ThinkAgile VX2330
Lenovo ThinkAgile Vx3320 Firmware	<8.88_cdi3a4a
Lenovo ThinkAgile Vx3320 Firmware
Lenovo ThinkAgile VX3330 Firmware	<2.93_afbt30p
Lenovo ThinkAgile VX3330 Firmware
Lenovo ThinkAgile Vx3520-G Firmware	<8.88_cdi3a4a
Lenovo ThinkAgile Vx3520-G Firmware
lenovo thinkagile vx3530-g firmware	<2.93_afbt30p
Lenovo ThinkAgile VX3530-G
Lenovo ThinkAgile VX3720 Firmware	<3.72_tei388s
Lenovo ThinkAgile VX3720 Firmware
Lenovo ThinkAgile VX5520 Firmware	<8.88_cdi3a4a
Lenovo ThinkAgile VX5520 Firmware
Lenovo ThinkAgile VX5530 Firmware	<2.93_afbt30p
Lenovo ThinkAgile VX5530 Firmware
Lenovo ThinkAgile VX7320 N Firmware	<8.88_cdi3a4a
Lenovo ThinkAgile VX7320 N
Lenovo ThinkAgile VX7330 Firmware	<2.93_afbt30p
Lenovo ThinkAgile VX7330 Firmware
Lenovo ThinkAgile Vx7520 N Firmware	<8.88_cdi3a4a
Lenovo ThinkAgile VX7520
Lenovo ThinkAgile Vx7520 N Firmware	<8.88_cdi3a4a
Lenovo ThinkAgile VX7520
Lenovo ThinkAgile VX7530	<2.93_afbt30p
Lenovo ThinkAgile VX7530
lenovo thinkagile vx7531 firmware	<2.93_afbt30p
lenovo thinkagile vx7531 firmware
Lenovo ThinkAgile VX7820 Firmware	<2.75_psi348s
Lenovo ThinkAgile VX7820
Lenovo ThinkEdge SE450 Firmware	<1.60_usx324o
Lenovo ThinkEdge SE450 Firmware
Lenovo ThinkStation P920 Firmware	<8.88_cdi3a4a
Lenovo ThinkStation P920
Lenovo ThinkSystem SD530	<3.72_tei388s
Lenovo ThinkSystem SD530 Firmware
Lenovo ThinkSystem SD630 V2	<2.60_tgbt42h
Lenovo ThinkSystem SD630 V2 Firmware
Lenovo ThinkSystem SD650 Firmware	<3.72_tei388s
Lenovo ThinkSystem SD650
Lenovo ThinkSystem SD650-N V2 Firmware	<2.60_tgbt42h
Lenovo ThinkSystem SD650 V2 Firmware
Lenovo ThinkSystem SD650-N V2 Firmware	<2.60_tgbt42h
Lenovo ThinkSystem SD650-N V2 Firmware
Lenovo ThinkSystem SE350 Firmware	<3.72_tei388s
Lenovo ThinkSystem SE350
Lenovo ThinkSystem SN550 V2 Firmware	<3.72_tei388s
Lenovo ThinkSystem SN550 Firmware
Lenovo ThinkSystem SN550 V2 Firmware	<2.60_tgbt42h
Lenovo ThinkSystem SN550 V2 Firmware
lenovo thinksystem sn850 firmware	<3.72_tei388s
Lenovo ThinkSystem SN850
Lenovo ThinkSystem SR150 Firmware	<3.72_tei388s
Lenovo ThinkSystem SR150
Lenovo ThinkSystem SR158 Firmware	<3.72_tei388s
Lenovo ThinkSystem SR158 Firmware
Lenovo ThinkSystem SR250 Firmware	<3.72_tei388s
Lenovo ThinkSystem SR250 V2
Lenovo ThinkSystem SR250 V2 Firmware	<2.60_tgbt42h
Lenovo ThinkSystem SR250 V2 Firmware
Lenovo ThinkSystem SR258 Firmware	<3.72_tei388s
Lenovo ThinkSystem SR258 V2
lenovo thinksystem sr258 v2 firmware	<2.60_tgbt42h
Lenovo ThinkSystem SR258 V2
Lenovo ThinkSystem SR530 Firmware	<8.88_cdi3a4a
Lenovo ThinkSystem SR530
Lenovo ThinkSystem SR550 Firmware	<8.88_cdi3a4a
Lenovo ThinkSystem SR550
Lenovo ThinkSystem SR570 Firmware	<8.88_cdi3a4a
Lenovo ThinkSystem SR570
Lenovo ThinkSystem SR590 Firmware	<8.88_cdi3a4a
Lenovo ThinkSystem SR590
Lenovo ThinkSystem SR630 Firmware	<8.88_cdi3a4a
Lenovo ThinkSystem SR630 Firmware
Lenovo ThinkSystem SR630 V2	<2.93_afbt30p
Lenovo ThinkSystem SR630 V2 Firmware
Lenovo ThinkSystem SR645 Firmware	<4.71_d8bt48p
Lenovo ThinkSystem SR645 Firmware
Lenovo ThinkSystem SR645 Firmware	<4.71_d8bt48p
Lenovo ThinkSystem SR645 V3 Firmware
Lenovo ThinkSystem SR650 Firmware	<8.88_cdi3a4a
Lenovo ThinkSystem SR650 V2
Lenovo ThinkSystem SR650 Firmware	<2.93_afbt30p
Lenovo ThinkSystem SR650 V2 Firmware
Lenovo ThinkSystem SR665 Firmware	<4.71_d8bt48p
Lenovo ThinkSystem SR665
Lenovo ThinkSystem SD665 V3 Firmware	<4.71_d8bt48p
Lenovo ThinkSystem SR665 V3 Firmware
Lenovo ThinkSystem SR670 V2	<3.72_tei388s
Lenovo ThinkSystem SR670 V2
Lenovo ThinkSystem SR670 V2	<2.60_tgbt42h
Lenovo ThinkSystem SR670
Lenovo ThinkSystem SR850 V3 Firmware	<3.72_tei388s
Lenovo ThinkSystem SR850P
Lenovo ThinkSystem SR850 V2 Firmware	<2.60_tgbt42h
Lenovo ThinkSystem SR850 V2 Firmware
Lenovo ThinkSystem SR850P Firmware	<3.72_tei388s
Lenovo ThinkSystem SR850P
Lenovo ThinkSystem SR860 Firmware	<3.72_tei388s
Lenovo ThinkSystem SR860 Firmware
Lenovo ThinkSystem SR860 V2 Firmware	<2.60_tgbt42h
Lenovo ThinkSystem SR860 V2 Firmware
Lenovo ThinkSystem SR950 Firmware	<2.75_psi348s
Lenovo ThinkSystem SR950 Firmware
Lenovo ThinkSystem ST250 Firmware	<3.72_tei388s
Lenovo ThinkSystem ST250 V2
lenovo thinksystem st250 v2 firmware	<2.60_tgbt42h
Lenovo ThinkSystem ST250 V2
Lenovo ThinkSystem ST258 Firmware	<3.72_tei388s
Lenovo ThinkSystem ST258 Firmware
Lenovo ThinkSystem ST258 Firmware	<2.60_tgbt42h
Lenovo ThinkSystem ST258 Firmware
Lenovo ThinkSystem ST550 Firmware	<8.88_cdi3a4a
Lenovo ThinkSystem ST550 Firmware
Lenovo ThinkSystem ST650 V2	<2.60_tgbt42h
Lenovo ThinkSystem ST650 V2 Firmware
Lenovo ThinkSystem ST658 V2	<2.60_tgbt42h
Lenovo ThinkSystem ST658 V2 Firmware

Remedy

Customers should update to the version (or later) of Lenovo XClarity Controller (XCC) identified in the related Lenovo Product Security Advisory: https://support.lenovo.com/us/en/product_security/LEN-99936 https://support.lenovo.com/us/en/product_security/LEN-99936

Never miss a vulnerability like this again

Reference Links

https://support.lenovo.com/us/en/product_security/LEN-99936

Frequently Asked Questions

What is the severity of CVE-2023-25495?
The severity of CVE-2023-25495 is considered moderate, as it allows an authenticated administrative user to expose sensitive LDAP client passwords.
How do I fix CVE-2023-25495?
To fix CVE-2023-25495, update the firmware to versions later than 2.93_afbt30p or 3.72_tei388s based on your system model.
Which firmware versions are affected by CVE-2023-25495?
CVE-2023-25495 affects specific Lenovo ThinkAgile firmware versions including 2.93_afbt30p and 3.72_tei388s.
What are the impacts of CVE-2023-25495?
The impact of CVE-2023-25495 is the potential exposure of LDAP client passwords, leading to unauthorized access to systems relying on LDAP for authentication.
Who is vulnerable to CVE-2023-25495?
Organizations using vulnerable Lenovo ThinkAgile firmware versions with LDAP configuration are exposed to CVE-2023-25495.