Vulnerability in Dell iDRAC tools puts servers at risk
A vulnerability in Dell's server management software iDRAC Tools puts servers at risk. A patched version is available for download.
Attackers can use a vulnerability in Dell iDRAC tools to attack servers. The developers have now closed the vulnerability.
Security problem
The vulnerability (CVE-2025-27689) has been assigned a threat level of "high". To launch an attack, a local attacker must already have low-level user rights. If so, they can gain higher privileges in an unspecified way.
The developers state that they have closed the vulnerability in iDRAC Tools 11.3.0.0. All previous versions are vulnerable. They point out in a post that the security patch only protects systems effectively in combination with certain Windows Server 2025 versions:
- V51N7 - Windows Server 2025 Standard
- JT4MH - Windows Server 2025 Datacenter
- G5F67 - Windows Server 2025 Essentials
For the sake of simplicity, Dell offers a bundle consisting of the patched iDRAC version including a matching Windows Server 2025 edition for download as part of its Dell Digital Locker offer.
(des)