CVE-2025-26336: Buffer Overflow
First published: Fri Mar 21 2025(Updated: )
Dell Chassis Management Controller Firmware for Dell PowerEdge FX2, version(s) prior to 2.40.200.202101130302, and Dell Chassis Management Controller Firmware for Dell PowerEdge VRTX version(s) prior to 3.41.200.202209300499, contain(s) a Stack-based Buffer Overflow vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Remote execution.
Credit: security_alert@emc.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Dell Chassis Management Controller For Poweredge Fx2 Firmware | <2.40.200.202101130302 | |
| Dell Chassis Management Controller For Poweredge Vrtx | <3.41.200.202209300499 | |
| All of | ||
| Dell Chassis Management Controller For Poweredge Fx2 Firmware | <2.40.200.202101130302 | |
| Dell Chassis Management Controller For Poweredge Fx2 Firmware | ||
| All of | ||
| Dell Chassis Management Controller For Poweredge Vrtx | <3.41.200.202209300499 | |
| Dell Chassis Management Controller For Poweredge VRTx Firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2025-26336?
CVE-2025-26336 has been rated as a high severity vulnerability due to its potential for unauthenticated access and exploitation.
How do I fix CVE-2025-26336?
To fix CVE-2025-26336, update the Dell Chassis Management Controller Firmware for PowerEdge FX2 to version 2.40.200.202101130302 or later, and PowerEdge VRTX to version 3.41.200.202209300499 or later.
What types of systems are affected by CVE-2025-26336?
CVE-2025-26336 affects the Dell Chassis Management Controller Firmware for PowerEdge FX2 and PowerEdge VRTX versions prior to the specified updates.
What is a Stack-based Buffer Overflow vulnerability in CVE-2025-26336?
A Stack-based Buffer Overflow vulnerability like that in CVE-2025-26336 occurs when the program writes more data to a buffer on the stack than it can hold, potentially allowing an attacker to execute arbitrary code.
Is CVE-2025-26336 an unauthenticated vulnerability?
Yes, CVE-2025-26336 is classified as an unauthenticated vulnerability, allowing an attacker to exploit it without needing valid user credentials.
- agent/references
- agent/first-publish-date
- agent/type
- agent/description
- agent/author
- agent/source
- collector/epss-latest
- source/FIRST
- agent/epss
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/weakness
- agent/severity
- agent/event
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-api
- source/NVD
- vendor/dell
- canonical/dell chassis management controller for poweredge fx2 firmware
- canonical/dell chassis management controller for poweredge vrtx
- canonical/dell chassis management controller for poweredge vrtx firmware