CVE-2025-38743 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.8 HIGH	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
dell	CNA	7.8 HIGH	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA-ADP	ADP	---				---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: 1%

Common Weakness Enumeration

CWE-805 - Buffer Access with Incorrect Length Value
The software uses a sequential operation to read or write a buffer, but it uses an incorrect length value that causes it to access memory that is outside of the bounds of the buffer.

Vulnerability Media Exposure

[GERMAN] Sicherheitspatch: Dells Serververwaltung iDRAC ist für Attacken anfällig
In Dell iDRAC Service Modul stecken zwei Schwachstellen, die die Entwickler nun geschlossen haben.
Published: 2025-08-22T08:01:00+00:00
[GERMAN] Dell iDRAC (iSM): Mehrere Schwachstellen
Ein lokaler Angreifer kann mehrere Schwachstellen in Dell integrated Dell Remote Access Controller ausnutzen, um beliebigen Programmcode auszuführen und sich erweiterte Privilegien zu erlangen.
Published: 2025-08-21T22:00:00+00:00

References

https://www.dell.com/support/kbdoc/en-us/000359617/dsa-2025-311-security-update-for-dell-idrac-service-module-vulnerabilities