CVE-2025-22397 – This path traversal vulnerability in Dell iDRAC... (How to Fix)

Q: What is the severity of CVE-2025-22397?

CVE-2025-22397 has a CVSS score of 6.7 (MEDIUM). This path traversal vulnerability in Dell iDRAC9 and iDRAC10 allows authenticated high-privilege attackers to access restricted directories. Attackers could potentially read sensitive files or write to unauthorized locations. Organizations using affected iDRAC versions for server management are impacted.

📋 TL;DR

This path traversal vulnerability in Dell iDRAC9 and iDRAC10 allows authenticated high-privilege attackers to access restricted directories. Attackers could potentially read sensitive files or write to unauthorized locations. Organizations using affected iDRAC versions for server management are impacted.

💻 Affected Systems

Products:

Dell Integrated Dell Remote Access Controller 9
Dell Integrated Dell Remote Access Controller 10

Versions: iDRAC9: 14G prior to 7.00.00.181, 15G and 16G versions 6.10.80.00 through 7.20.10.50; iDRAC10: 17G versions prior to 1.20.25.00

Operating Systems: Not applicable - iDRAC is firmware-based

Default Config Vulnerable: ⚠️ Yes

Notes: Requires high-privilege remote access credentials to exploit

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of iDRAC controller leading to server takeover, credential theft, or firmware manipulation

🟠

Likely Case

Unauthorized access to sensitive configuration files, logs, or credentials stored on iDRAC

🟢

If Mitigated

Limited impact due to network segmentation and strict access controls preventing exploitation

🌐 Internet-Facing: HIGH - iDRAC interfaces exposed to internet are prime targets for exploitation

🏢 Internal Only: MEDIUM - Internal attackers with iDRAC access could exploit this vulnerability

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: LOW

Path traversal vulnerabilities typically have low exploitation complexity once authentication is bypassed

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: iDRAC9: 7.00.00.181+ for 14G, 7.20.10.50+ for 15G/16G; iDRAC10: 1.20.25.00+

Vendor Advisory: https://www.dell.com/support/kbdoc/en-us/000384516/dsa-2025-376-security-update-for-dell-idrac9-and-idrac10-vulnerabilities

Restart Required: Yes

Instructions:

1. Download firmware update from Dell Support site 2. Apply update via iDRAC web interface or RACADM 3. Reboot iDRAC controller 4. Verify firmware version

🔧 Temporary Workarounds

Network Segmentation

all

Restrict iDRAC management interfaces to dedicated management VLANs

Access Control Hardening

all

Implement strict access controls and multi-factor authentication for iDRAC interfaces

🧯 If You Can't Patch

Isolate iDRAC interfaces from internet and restrict to management networks only
Implement strict monitoring and alerting for iDRAC access attempts

🔍 How to Verify

Check if Vulnerable:

Check iDRAC firmware version via web interface or SSH: racadm getversion

Check Version:

racadm getversion | grep -i firmware

Verify Fix Applied:

Verify firmware version matches patched versions listed in vendor advisory

📡 Detection & Monitoring

Log Indicators:

Unusual file access patterns in iDRAC logs
Multiple failed authentication attempts followed by successful login

Network Indicators:

Unusual traffic patterns to iDRAC management interfaces
Requests containing path traversal patterns (../)

SIEM Query:

source="idrac*" AND (event_type="file_access" OR event_type="authentication")

📊 Metadata

CVE ID: CVE-2025-22397

CVSS v3 Score: 6.7 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:H

CWE: CWE-22

EPSS Score: 0.09% exploit probability (25.3th percentile)

Published: November 6, 2025

Last Updated: January 21, 2026

🔗 References

https://www.dell.com/support/kbdoc/en-us/000384516/dsa-2025-376-security-update-for-dell-idrac9-and-idrac10-vulnerabilities Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-22397, you might also want to check these: