A vital security flaw has been disclosed in NetApp SnapCenter that, if efficiently exploited, might permit privilege escalation.
SnapCenter is an enterprise-focused software program that is used to handle knowledge safety throughout purposes, databases, digital machines, and file programs, providing the power to backup, restore, and clone knowledge sources.
The vulnerability, tracked as CVE-2025-26512, carries a CVSS rating of 9.9 out of a most of 10.0.
“SnapCenter variations prior to six.0.1P1 and 6.1P1 are vulnerable to a vulnerability which can permit an authenticated SnapCenter Server person to grow to be an admin person on a distant system the place a SnapCenter plug-in has been put in,” the information infrastructure firm stated in an advisory printed this week.
CVE-2025-26512 has been addressed in SnapCenter variations 6.0.1P1 and 6.1P1. There are presently no workarounds that handle the difficulty.
Whereas there is no such thing as a proof that the shortcoming has been exploited within the wild, it is important that organizations apply the most recent updates to safeguard towards potential threats.
