CVE-2025-26482

high-risk

Published 2025-09-25

Dell PowerEdge Server BIOS and Dell iDRAC9, all versions, contains an Information Disclosure vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Information Disclosure.

Do I need to act?

0.04% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 4.9/10 Medium

NETWORK / LOW complexity

Affected Products (20)

Poweredge R770 Firmware

Poweredge R670 Firmware

Poweredge R570 Firmware

Poweredge R470 Firmware

Poweredge R6715 Firmware

Poweredge R7715 Firmware

Poweredge R6725 Firmware

Poweredge R7725 Firmware

Poweredge R660 Firmware

Poweredge R760 Firmware

Poweredge C6620 Firmware

Poweredge Mx760C Firmware

Poweredge R860 Firmware

Poweredge R960 Firmware

Poweredge Hs5610 Firmware

Poweredge Hs5620 Firmware

Poweredge R660Xs Firmware

Poweredge R760Xs Firmware

Poweredge R760Xd2 Firmware

Poweredge T560 Firmware

Affected Vendors

Dell

References (1)

Vendor Advisory https://www.dell.com/support/kbdoc/en-us/000370138/dsa-2025-046-security-update-...

/ 100

high-risk

Severity 20/34 · Moderate

Exploitability 0/34 · Minimal

Exposure 31/34 · Critical