A critical security vulnerability has been identified in NetApp SnapCenter that could allow an attacker to escalate privileges if successfully exploited.
NetApp SnapCenter is an enterprise-focused software solution designed to manage data protection across various applications, databases, virtual machines, and file systems. It provides capabilities for backing up, restoring, and cloning data resources.
The vulnerability, tracked as CVE-2025-26512, has a CVSS score of 9.9 out of 10.0, which places it in the critical severity range.
According to NetApp’s advisory, published recently, SnapCenter versions prior to 6.0.1P1 and 6.1P1 are vulnerable to an issue that could allow an authenticated SnapCenter Server user to gain admin privileges on a remote system with a SnapCenter plug-in installed.
The issue has been addressed in SnapCenter versions 6.0.1P1 and 6.1P1. There are currently no workarounds for this vulnerability.
Although there is no evidence of this vulnerability being exploited in the wild, it is crucial for organizations to apply the latest updates to protect themselves against potential threats.