CVE-2025-36588

8.8 HIGH

📋 TL;DR

This SQL injection vulnerability in Dell Unisphere for PowerMax allows low-privileged remote attackers to execute arbitrary commands on affected systems. It affects version 10.2.0.x of the software, potentially compromising PowerMax storage management environments. Attackers could gain unauthorized access and control over storage infrastructure.

💻 Affected Systems

Products:
  • Dell Unisphere for PowerMax
  • Dell Unisphere for PowerMax Virtual Appliance
  • Dell Unisphere 360
Versions: 10.2.0.x
Operating Systems: Not specified - appliance/software dependent
Default Config Vulnerable: ⚠️ Yes
Notes: Affects both physical and virtual appliance deployments. Requires attacker to have low-privileged access to the management interface.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of the PowerMax storage management system leading to data exfiltration, destruction, or ransomware deployment across connected storage arrays.

🟠 Likely Case

Unauthorized command execution leading to privilege escalation, data access, and potential lateral movement within the storage management network.

🟢 If Mitigated

Limited impact due to network segmentation, strict access controls, and monitoring preventing successful exploitation.

🌐 Internet-Facing: HIGH if exposed to internet, as remote attackers can exploit without authentication requirements.
🏢 Internal Only: HIGH due to low privilege requirement and potential for lateral movement within enterprise networks.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Requires low-privileged credentials, but the SQL injection to RCE chain makes exploitation straightforward for skilled attackers.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Update to the version specified in the DSA-2025-425 advisory

Vendor Advisory: https://www.dell.com/support/kbdoc/en-us/000402262/dsa-2025-425-dell-powermaxos-dell-powermax-eem-dell-unisphere-for-powermax-dell-unisphere-for-powermax-virtual-appliance-dell-unisphere-360-dell-solutions-enabler-virtual-appliance-security-update-for-multiple-vulnerabilities

Restart Required: Yes

Instructions:

1. Review the DSA-2025-425 advisory.
2. Download the appropriate patch from the Dell support portal.
3. Apply the patch following Dell's update procedures.
4. Restart affected services/systems.
5. Verify the update was applied successfully.

🔧 Temporary Workarounds

Network Segmentation

Applies to: all

Isolate Unisphere management interfaces from untrusted networks and limit access to authorized administrators only.

Access Control Hardening

Applies to: all

Implement strict role-based access controls and monitor for unusual authentication patterns.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate Unisphere interfaces
  • Enable comprehensive logging and monitoring for SQL injection attempts

🔍 How to Verify

Check if Vulnerable:

Check the Unisphere version via the web interface or CLI. If the version is 10.2.0.x, the system is vulnerable.

Check Version:

Check via the Unisphere web interface or consult Dell documentation for version-verification commands.

Verify Fix Applied:

Verify that the version has been updated beyond 10.2.0.x and check the patch application logs.

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL queries in application logs
  • Multiple failed authentication attempts followed by SQL patterns
  • Unexpected command execution events

Network Indicators:

  • SQL injection patterns in HTTP requests to Unisphere endpoints
  • Unusual outbound connections from Unisphere systems

SIEM Query:

source="unisphere" AND ("sql" OR "union" OR "select" OR "exec" OR ";") AND status="200"
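The SIEM query above is a keyword match on raw log text filtered to HTTP 200 responses, which has two practical weaknesses: it fires on benign path or parameter names that happen to contain a keyword (for example an endpoint named `select_report`), and it drops requests that triggered an error, which is where injection probes usually show up first. The following Python is an added example (not from the page, not Dell's code) of a detection that URL-decodes each query parameter and matches SQL syntax in context rather than bare keywords, and that reports findings regardless of status code. The log format is assumed to be common-log style, the `/unisphere/api/...` paths are placeholders rather than real Unisphere endpoints, and all log lines are constructed sample data.

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Constructed access-log lines in common-log style (sample data, not real Unisphere
# output; the "/unisphere/api/..." paths are placeholders, not Dell's actual endpoints).
SAMPLE_LOG = """\
10.0.0.5 - admin [12/Jan/2025:10:01:02 +0000] "GET /unisphere/api/system/version HTTP/1.1" 200
10.0.0.9 - viewer [12/Jan/2025:10:01:09 +0000] "GET /unisphere/api/arrays?name=sym1 HTTP/1.1" 200
10.0.0.9 - viewer [12/Jan/2025:10:01:15 +0000] "GET /unisphere/api/arrays?name=sym1%27%20UNION%20SELECT%201,2-- HTTP/1.1" 200
10.0.0.9 - viewer [12/Jan/2025:10:01:21 +0000] "GET /unisphere/api/arrays?name=x%27%3B%20SELECT%20sleep(5)-- HTTP/1.1" 500
10.0.0.7 - ops [12/Jan/2025:10:02:00 +0000] "POST /unisphere/api/select_report?id=7 HTTP/1.1" 200
"""

# Assumed log layout: <ip> - <user> [<timestamp>] "<method> <target> <proto>" <status>
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Patterns applied to *decoded* parameter values. Each requires SQL syntax in
# context, not just a keyword, so identifiers like "select_report" do not match.
SQLI_PATTERNS = {
    "union-select": re.compile(r"\bunion\b\s+(all\s+)?\bselect\b", re.I),
    "stacked-query": re.compile(r";\s*(select|insert|update|delete|drop|exec)\b", re.I),
    "quote-tautology": re.compile(r"'\s*(or|and)\s+[\w']+\s*=\s*[\w']+", re.I),
    "quote-then-comment": re.compile(r"'.*(--|#|/\*)", re.S),
}


def classify_value(value):
    """Return the name of the first pattern matching one decoded value, or None."""
    for name, pat in SQLI_PATTERNS.items():
        if pat.search(value):
            return name
    return None


def scan_line(line):
    """Parse one access-log line; return a finding dict if any query parameter
    looks like SQL injection after URL decoding, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    # parse_qsl already percent-decodes once; the extra unquote_plus catches
    # double-encoded values that a single decode would leave intact.
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        hit = classify_value(unquote_plus(value))
        if hit:
            return {
                "ip": m.group("ip"),
                "user": m.group("user"),
                "path": parts.path,
                "param": key,
                "status": int(m.group("status")),
                "pattern": hit,
            }
    return None


def scan_log(text):
    """Scan a whole log and return every finding, regardless of HTTP status."""
    return [f for f in (scan_line(l) for l in text.splitlines()) if f]


def naive_keyword_hits(text):
    """The page's SIEM query reduced to a substring check on raw lines with
    status 200, kept here only to compare against scan_log()."""
    keywords = ("sql", "union", "select", "exec", ";")
    return [l for l in text.splitlines()
            if any(k in l.lower() for k in keywords) and l.rstrip().endswith(" 200")]


if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(finding)
    print("naive query would have flagged:", len(naive_keyword_hits(SAMPLE_LOG)), "lines")
```

On the sample data `scan_log` reports the two injected requests from the `viewer` account, including the one that returned 500, while the keyword-only check flags the benign `select_report` call and misses the 500. Grouping findings by user and source IP over a short window is the natural next step, since the page's indicator of interest is a low-privileged account issuing repeated malformed parameters rather than any single request.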
