A critical vulnerability, CVE-2025-26512, in NetApp's SnapCenter software has been identified, allowing attackers with authenticated access to escalate privileges and gain unauthorized administrative control. This flaw can result in the alteration or deletion of sensitive data and may disrupt operations, posing severe risks to the IT infrastructure. Customers are urged to apply the latest patches, SnapCenter 6.0.1P1 and 6.1P1, to mitigate this risk. The CVSS score is 9.9, indicating the severity and potential for significant impact if exploited.
Source: https://thecyberexpress.com/netapp-snapcenter-vulnerability-cve-2025-26512/
TPRM report: https://scoringcyber.rankiteo.com/company/netapp
"id": "net116032725",
"linkid": "netapp",
"type": "Vulnerability",
"date": "3/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"
{'affected_entities': [{'industry': 'Technology',
                        'name': 'NetApp',
                        'type': 'Company'}],
 'attack_vector': 'Authenticated Access',
 'data_breach': {'type_of_data_compromised': ['Sensitive Data']},
 'description': "A critical vulnerability, CVE-2025-26512, in NetApp's "
                'SnapCenter software has been identified, allowing attackers '
                'with authenticated access to escalate privileges and gain '
                'unauthorized administrative control. This flaw can result in '
                'the alteration or deletion of sensitive data and may disrupt '
                'operations, posing severe risks to the IT infrastructure. '
                'Customers are urged to apply the latest patches, SnapCenter '
                '6.0.1P1 and 6.1P1, to mitigate this risk. The CVSS score is '
                '9.9, indicating the severity and potential for significant '
                'impact if exploited.',
 'impact': {'data_compromised': ['Sensitive Data'],
            'operational_impact': ['Disruption of Operations'],
            'systems_affected': ['SnapCenter Software']},
 'recommendations': ['Apply Latest Patches: SnapCenter 6.0.1P1 and 6.1P1'],
 'response': {'remediation_measures': ['Apply Latest Patches: SnapCenter '
                                       '6.0.1P1 and 6.1P1']},
 'title': 'NetApp SnapCenter Privilege Escalation Vulnerability',
 'type': 'Privilege Escalation',
 'vulnerability_exploited': 'CVE-2025-26512'}