CVE-2025-26515

High CVSS: 7.5

StorageGRID (formerly
StorageGRID Webscale) versions prior to 11.8.0.15 and 11.9.0.8 without
Single Sign-on enabled are susceptible to a Server-Side Request Forgery
(SSRF) vulnerability. Successful exploit could allow an unauthenticated
attacker to change the password of any Grid Manager or Tenant Manager
non-federated user.

Vendor

Netapp

Product

Storagegrid

CWE

CWE-918

Yayın Tarihi

2025-09-19 19:15:38

Güncelleme

2025-09-23 14:31:27

Source Identifier

security-alert@netapp.com

KEV Date Added

Kategoriler

CWE-918 Storagegrid HIGH Netapp 2025

Referanslar

https://security.netapp.com/advisory/NTAP-20250910-0002

Benzer Kayıtlar

Medium

CVE-2026-22052

ONTAP versions 9.12.1 and higher with S3 NAS buckets are susceptible to an information disclosure vulnerability. Success…

Medium

CVE-2026-22050

ONTAP versions 9.16.1 prior to 9.16.1P9 and 9.17.1 prior to 9.17.1P2 with snapshot locking enabled are susceptible to a…

Medium

CVE-2025-26514

StorageGRID (formerly StorageGRID Webscale) versions prior to 11.8.0.15 and 11.9.0.8 are susceptible to a Reflected Cr…

Medium

CVE-2025-26516

StorageGRID (formerly StorageGRID Webscale) versions prior to 11.8.0.15 and 11.9.0.8 are susceptible to a Denial of Se…

Medium

CVE-2025-26517

StorageGRID (formerly StorageGRID Webscale) versions prior to 11.8.0.15 and 11.9.0.8 are susceptible to a privilege es…

High

CVE-2025-26513

The installer for SAN Host Utilities for Windows versions prior to 8.0 is susceptible to a vulnerability which when succ…