CVE-2024-25951
Description
A command injection vulnerability exists in local RACADM. A malicious authenticated user could gain control of the underlying operating system.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A command injection flaw in Dell iDRAC8 local RACADM lets authenticated attackers gain OS-level control.
Vulnerability
A command injection vulnerability exists in the local RACADM interface of Dell iDRAC8 firmware versions prior to 2.85.85.85 [1]. The flaw allows an authenticated user with local or adjacent network access to inject arbitrary operating system commands through the RACADM tool's input handling [1].
Exploitation
An attacker must first hold valid iDRAC8 local credentials (privilege level Low) and have adjacent network access (AV:A) [1]. No user interaction is required: the attacker sends crafted input to the local RACADM command-line interface, which triggers the command injection; no authentication bypass is involved [1].
Impact
Successful exploitation yields arbitrary OS command execution on the underlying iDRAC8 operating system with the privileges of the RACADM process, leading to full confidentiality, integrity, and availability compromise (C:H/I:H/A:H) [1].
Mitigation
Dell fixed this vulnerability in iDRAC8 firmware version 2.85.85.85 [1]. Users must update to version 2.85.85.85 or later [1]. No workarounds are available [1]. The CVE is not currently listed on the CISA Known Exploited Vulnerabilities (KEV) catalog.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
Range: N/A
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
News mentions
No linked articles in our index yet.