CVE-2025-26513

7.0 HIGH

📋 TL;DR

A local privilege escalation vulnerability exists in the SAN Host Utilities for Windows installer versions before 8.0. This allows authenticated local users to gain elevated system privileges. Only Windows systems running vulnerable versions of SAN Host Utilities are affected.

💻 Affected Systems

Products:
  • SAN Host Utilities for Windows
Versions: All versions prior to 8.0
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems where SAN Host Utilities for Windows is installed. The vulnerability is in the installer component.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Local attacker gains SYSTEM/administrator privileges, enabling complete system compromise, data theft, persistence installation, and lateral movement.

🟠 Likely Case

Malicious insider or compromised standard user account escalates to administrative privileges to bypass security controls.

🟢 If Mitigated

With proper access controls and least privilege principles, impact is limited to authorized users only.

🌐 Internet-Facing: LOW - This is a local privilege escalation requiring authenticated access to the system.
🏢 Internal Only: HIGH - Internal users with standard access can potentially gain administrative privileges on affected systems.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Requires local authenticated access. Based on CWE-269 (Improper Privilege Management), exploitation likely involves manipulating installer processes or permissions.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version 8.0 or later

Vendor Advisory: https://security.netapp.com/advisory/NTAP-20250806-0001

Restart Required: Yes

Instructions:

1. Download SAN Host Utilities for Windows version 8.0 or later from the NetApp support site.
2. Uninstall the previous version.
3. Install the new version.
4. Restart the system.

🔧 Temporary Workarounds

Restrict local user access (Windows)

Limit local user accounts on systems running SAN Host Utilities to trusted personnel only.

Implement least privilege (Windows)

Ensure users only have necessary permissions and cannot execute unauthorized installer operations.

🧯 If You Can't Patch

  • Remove SAN Host Utilities from non-essential systems if the functionality is not required
  • Implement strict access controls and monitor for privilege escalation attempts

🔍 How to Verify

Check if Vulnerable:

Check the installed version of SAN Host Utilities via Programs and Features or using:

Get-WmiObject -Class Win32_Product | Where-Object {$_.Name -like '*SAN Host Utilities*'} | Select-Object Name, Version

Check Version:

Get-WmiObject -Class Win32_Product | Where-Object {$_.Name -like '*SAN Host Utilities*'} | Select-Object Version

Verify Fix Applied:

Verify that the version is 8.0 or higher using the same command, and check that installer processes run with appropriate privileges.
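
An alternative version check for fleet inventory, added here as an example (not NetApp's or this page's own code): it reads the uninstall registry keys instead of Win32_Product, because querying Win32_Product makes Windows Installer run a consistency check on every installed MSI package. It assumes the product's DisplayName matches the same '*SAN Host Utilities*' pattern used above; the function name is hypothetical.

```powershell
# Added example: read-only inventory check for CVE-2025-26513 (fixed in 8.0 per the advisory).
# Assumption: the product's DisplayName contains "SAN Host Utilities",
# the same pattern the Win32_Product filter on this page uses.
$FixedVersion = [version]'8.0'
$NamePattern  = '*SAN Host Utilities*'

# Uninstall keys for 64-bit and 32-bit (WOW6432Node) installers.
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Hypothetical helper name; returns one object per matching installed product.
function Get-SanHostUtilitiesStatus {
    $entries = Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.PSObject.Properties['DisplayName'] -and $_.DisplayName -like $NamePattern }

    foreach ($entry in $entries) {
        $parsed = $null
        # DisplayVersion may be missing or non-numeric: report "Unknown", never "Fixed".
        $ok = [version]::TryParse([string]$entry.DisplayVersion, [ref]$parsed)
        [pscustomobject]@{
            ComputerName = $env:COMPUTERNAME
            Name         = $entry.DisplayName
            Version      = $entry.DisplayVersion
            Status       = if (-not $ok) { 'Unknown' }
                           elseif ($parsed -lt $FixedVersion) { 'Vulnerable' }
                           else { 'Fixed' }
        }
    }
}

$result = @(Get-SanHostUtilitiesStatus)
if ($result.Count -eq 0) {
    Write-Output 'SAN Host Utilities not found in the uninstall registry keys.'
} else {
    $result | Format-Table -AutoSize
}
```

A host reported as "Unknown" should be checked by hand in Programs and Features rather than treated as patched.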

📡 Detection & Monitoring

Log Indicators:

  • Unexpected installer process execution
  • Privilege escalation attempts in security logs
  • Unauthorized service creation

Network Indicators:

  • None - this is a local vulnerability

SIEM Query:

EventID=4688 AND (NewProcessName LIKE '%installer%' OR NewProcessName LIKE '%setup%') AND NewProcessName NOT IN (approved_installers)
