Security update: Attackers can target Dell's iDRAC server management
Dell iDRAC Service Module contains two vulnerabilities that the developers have now closed.
Attackers can exploit two vulnerabilities in Dell Remote Access Controller (iDRAC) for managing servers. An updated version is secured against possible attacks.
Security patch available
In a security advisory, the developers write that specifically iDRAC Service Module on Windows is affected. They state that version 6.0.3.0 is secured. All previous versions are said to be vulnerable.
Both attacks require a local attacker who already holds low user rights, so they cannot be carried out without preconditions. In both cases, malicious code can get onto systems and compromise them (CVE-2025-38742, rated "medium"; CVE-2025-38743, rated "high").
There are currently no further details on possible attack scenarios. It also remains unknown whether attackers are already exploiting the vulnerabilities. To prevent attacks, server admins should ensure that iDRAC is up to date.
At the beginning of August, Dell closed security gaps in the PowerProtect backup solution.
(des)