CVE-2025-27689
Description
Improper access control in Dell iDRAC Tools prior to 11.3.0.0 allows a low-privileged local attacker to elevate privileges.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
Dell iDRAC Tools versions prior to 11.3.0.0 contain an improper access control vulnerability [1]. This flaw resides in the access control mechanisms, allowing a low-privileged user to bypass intended restrictions.
Exploitation
An attacker with low-privileged local access to the system can exploit this vulnerability without user interaction (CVSS:3.1/AV:L/AC:L/PR:L/UI:N). The attacker leverages the improper access control to execute operations that should require higher privileges [1].
Impact
Successful exploitation leads to elevation of privileges, with high impact on confidentiality, integrity, and availability [1]. The attacker can gain full control over the affected system.
Mitigation
Dell has released Dell iDRAC Tools version 11.3.0.0 to remediate this vulnerability [1]. Customers are advised to upgrade to this version or later. No workaround is available [1].
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- (no CPE) range: <11.3.0.0
- (no CPE) range: N/A
Patches
No patches discovered yet.
References: 1
News mentions: 0
No linked articles in our index yet.