Warning: Critical incorrect privilege assignment in NetApp SnapCenter which can lead to privilege escalation, Patch Immediately!

Published: 25/03/2025

 

    * Last update: 25/03/2025
    * Affected software: NetApp SnapCenter versions < 6.0.1P1 and 6.1P1
    * Type: Incorrect Privilege Assignment, Privilege Escalation
    * CVE/CVSS
        → CVE-2025-26512: CVSS 9.9 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
 

 

Sources

https://security.netapp.com/advisory/NTAP-20250324-0001
 

Risks

NetApp SnapCenter is centralized data protection and management software that provides backup, restore, and cloning operations for NetApp storage systems across virtual, physical, and cloud environments.

Successful exploitation of CVE-2025-26512 in NetApp SnapCenter versions < 6.0.1P1 and 6.1P1 could lead to privilege escalation, allowing an attacker to gain admin rights.

This vulnerability has a significant impact on confidentiality, integrity, and availability.

As of 25/03/2025 there is no evidence of a proof of concept or exploitation.

Description

By exploiting this vulnerability, a remote, authenticated threat actor with low privileges can escalate their privileges to gain administrative access. That way, the attacker can modify the system without authorization, steal data, move laterally in the network, and completely compromise the system. This happens because the user can access restricted functionalities without authorization.

Recommended Actions

Patch 

The Centre for Cybersecurity Belgium strongly recommends upgrading vulnerable SnapCenter installations to version 6.0.1P1 or 6.1P1 with the highest priority, after thorough testing.
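
To help prioritise the upgrade, the following added example (not part of the NetApp or CCB advisory) triages an inventory of SnapCenter version strings against the two fixed releases named above. It assumes versions order by major, minor, patch and then P-level, and that releases later than the fixed ones contain the fix; the host names and versions in the sample inventory are constructed.

```python
import re

# Fixed releases named in the advisory, as (major, minor, patch, P-level).
FIXED_60 = (6, 0, 1, 1)   # 6.0.1P1
FIXED_61 = (6, 1, 0, 1)   # 6.1P1

# Accepts forms such as "6.0.1", "6.0.1P1", "6.1" and "6.1P1" (assumed format).
_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)(?:\.(\d+))?(?:P(\d+))?\s*$", re.IGNORECASE)


def parse_version(text):
    """Turn '6.0.1P1' into (6, 0, 1, 1); return None if the string does not parse."""
    m = _VERSION_RE.match(text)
    if not m:
        return None
    return tuple(int(g) if g is not None else 0 for g in m.groups())


def classify(text):
    """Return 'vulnerable', 'fixed' or 'unknown' for one version string."""
    v = parse_version(text)
    if v is None:
        return "unknown"          # never report an unparsed version as safe
    if v < FIXED_60:
        return "vulnerable"       # anything before 6.0.1P1
    if (6, 1, 0, 0) <= v < FIXED_61:
        return "vulnerable"       # 6.1 branch without P1
    return "fixed"


def triage(inventory):
    """Map host -> status for a dict of host -> reported version string."""
    return {host: classify(version) for host, version in inventory.items()}


# Constructed sample inventory; replace with versions collected from your own hosts.
SAMPLE_INVENTORY = {
    "snapcenter-a.example": "6.0.1",
    "snapcenter-b.example": "6.0.1P1",
    "snapcenter-c.example": "6.1",
    "snapcenter-d.example": "6.1P1",
    "snapcenter-e.example": "5.0P2",
    "snapcenter-f.example": "six-dot-one",
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{host:24} {SAMPLE_INVENTORY[host]:12} {status}")
```

Hosts reported as "unknown" should be checked by hand rather than treated as patched.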

Monitor/Detect 

The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.

In case of an intrusion, you can report an incident via: https://ccb.belgium.be/cert/report-incident.

While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.
 

References

https://nvd.nist.gov/vuln/detail/CVE-2025-26512