Dell iDRAC Service Module (iSM), versions prior to 6.0.3.0, contains a Buffer Access with Incorrect Length Value vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution and Elevation of privileges.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Wed, 03 Sep 2025 16:45:00 +0000

Type Values Removed Values Added
First Time appeared Dell emc Idrac Service Module
CPEs cpe:2.3:a:dell:emc_idrac_service_module:*:*:*:*:*:*:*:*
Vendors & Products Dell emc Idrac Service Module

Sat, 23 Aug 2025 12:00:00 +0000

Type Values Removed Values Added
First Time appeared Dell
Dell idrac Service Module
Vendors & Products Dell
Dell idrac Service Module

Thu, 21 Aug 2025 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 21 Aug 2025 19:00:00 +0000

Type Values Removed Values Added
Description Dell iDRAC Service Module (iSM), versions prior to 6.0.3.0, contains a Buffer Access with Incorrect Length Value vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution and Elevation of privileges.
Weaknesses CWE-805
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: dell

Published:

Updated: 2025-08-22T03:55:45.858Z

Reserved: 2025-04-16T05:03:52.415Z

Link: CVE-2025-38743

cve-icon Vulnrichment

Updated: 2025-08-21T18:55:11.660Z

cve-icon NVD

Status : Analyzed

Published: 2025-08-21T19:15:42.140

Modified: 2025-09-03T16:22:35.137

Link: CVE-2025-38743

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2025-08-23T11:53:19Z