![Apple Releases iOS 18.4 RC 2 and iPadOS 18.4 RC 2 to Developers [Download]](https://www.iclarified.com/images/news/96860/96860/96860-640.jpg)
![Amazon Drops Renewed iPhone 15 Pro Max to $762 [Big Spring Deal]](https://www.iclarified.com/images/news/96858/96858/96858-640.jpg)
![[The AI Show Episode 141]: Road to AGI (and Beyond) #1 — The AI Timeline is Accelerating](https://www.marketingaiinstitute.com/hubfs/ep%20141.1.png)
![[The AI Show Episode 140]: New AGI Warnings, OpenAI Suggests Government Policy, Sam Altman Teases Creative Writing Model, Claude Web Search & Apple’s AI Woes](https://www.marketingaiinstitute.com/hubfs/ep%20140%20cover.png)
![[The AI Show Episode 139]: The Government Knows AGI Is Coming, Superintelligence Strategy, OpenAI’s $20,000 Per Month Agents & Top 100 Gen AI Apps](https://www.marketingaiinstitute.com/hubfs/ep%20139%20cover-2.png)
![From broke musician to working dev. How college drop-out Ryan Furrer taught himself to code [Podcast #166]](https://cdn.hashnode.com/res/hashnode/image/upload/v1743189826063/2080cde4-6fc0-46fb-b98d-b3d59841e8c4.png?#)
![[FREE EBOOKS] The Ultimate Linux Shell Scripting Guide, Artificial Intelligence for Cybersecurity & Four More Best Selling Titles](https://www.javacodegeeks.com/wp-content/uploads/2012/12/jcg-logo.jpg){kind=logo}
![Mini Review: Rendering Ranger: R2 [Rewind] (Switch) - A Novel Run 'N' Gun/Shooter Hybrid That's Finally Affordable](https://images.nintendolife.com/0e9d68643dde0/large.jpg?#)
.jpg?#)
.png?#)
Critical NetApp SnapCenter Server Vulnerability Let Attackers Become an Admin User
A high-severity security vulnerability discovered in NetApp SnapCenter could allow authenticated users to gain administrative privileges on remote systems, posing significant risks to organizational data and infrastructure security. Security researchers have identified this vulnerability, CVE-2025-26512, which carries a critical CVSS score of 9.9. NetApp released a security advisory on March 24, 2025, detailing a privilege […] The post Critical NetApp SnapCenter Server Vulnerability Let Attackers Become an Admin User appeared first on Cyber Security News.
.webp?#)
A high-severity security vulnerability discovered in NetApp SnapCenter could allow authenticated users to gain administrative privileges on remote systems, posing significant risks to organizational data and infrastructure security.
Security researchers have identified this vulnerability, CVE-2025-26512, which carries a critical CVSS score of 9.9.
NetApp released a security advisory on March 24, 2025, detailing a privilege escalation flaw affecting SnapCenter versions prior to 6.0.1P1 and 6.1P1.
The vulnerability may allow an authenticated SnapCenter Server user to become an admin user on remote systems where a SnapCenter plug-in has been installed.
The vulnerability has been assigned the following CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H, indicating its critical nature with high impacts on confidentiality, integrity, and availability.
Stop attacks before they start, powered by a 97% precise neural Network to Detect Cyber Attacks
NetApp SnapCenter Server Vulnerability
“SnapCenter versions prior to 6.0.1P1 and 6.1P1 are susceptible to a vulnerability which may allow an authenticated SnapCenter Server user to become an admin user on a remote system where a SnapCenter plug-in has been installed,” reads the advisory.
The summary of the vulnerability is given below:
Risk Factors Details Affected Products SnapCenter versions prior to 6.0.1P1 and 6.1P1 Impact Allows an authenticated SnapCenter Server user to become an admin user Exploit Prerequisites Authentication as a SnapCenter Server user CVSS 3.1 Score 9.9 (CRITICAL)
Successful exploitation of this vulnerability could have severe consequences. According to security experts, an attacker with low-privilege access to the SnapCenter Server could exploit this vulnerability to gain administrative control over remote systems.
This elevation of privileges could potentially lead to:
- Complete system compromise
- Unauthorized data access and theft
- System modifications without authorization
- Lateral movement within the network
The vulnerability particularly concerns organizations that rely on SnapCenter Software. This simple, centralized, scalable platform provides application-consistent data protection for applications, databases, host file systems, and VMs running on ONTAP systems anywhere in the Hybrid Cloud.
Mitigation Steps
NetApp is providing software fixes to address this vulnerability. Users can obtain these fixes through the NetApp Support website in the Software Download section.
Organizations using affected SnapCenter versions should take immediate action by:
- Upgrading to SnapCenter versions 6.0.1P1 or 6.1P1.
- Implementing strict access controls for SnapCenter Server.
- Monitoring for suspicious administrative activities.
- Conducting thorough security audits of systems with SnapCenter plug-ins.
- Limiting network access to SnapCenter Server to trusted networks.
As of March 26, 2025, there is no evidence of public exploitation of this vulnerability. However, given its critical severity rating, organizations should prioritize patching to mitigate potential risks.
Users of affected SnapCenter versions are strongly advised to visit the NetApp Support website and apply the provided updates as soon as possible.
Investigate Real-World Malicious Links & Phishing Attacks With Threat Intelligence Lookup - Try for Free
The post Critical NetApp SnapCenter Server Vulnerability Let Attackers Become an Admin User appeared first on Cyber Security News.
