What is CVE-2025-26478?

CVE-2025-26478 is a low-severity vulnerability in Dell Ecs, classified under Improper Certificate Validation. CVSS score: 3.1/10. Published 2025-04-17.

How severe is CVE-2025-26478?

Low severity. CVSS v3 base score is 3.1 out of 10.

Is CVE-2025-26478 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Dell Ecs

CVE-2025-26478

Dell ECS version 3.8.1.4 and prior contain an Improper Certificate Validation vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Information disclosure.

Vulnerability class: Improper Certificate Validation

EPSS: 0.001 (30.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 3.1 (Low). Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N.

Affected products

Dell Ecs — versions N/A

Weakness classification (CWE)

CWE-295 — Improper Certificate Validation

Public proof-of-concept exploits

fkie-cad/nvd-json-data-feeds

References

www.dell.com/support/kbdoc/en-in/000300068/dsa-2025-097-security-update-for-del… (vendor-advisory)

Frequently asked questions

What is CVE-2025-26478?: CVE-2025-26478 is a low-severity vulnerability in Dell Ecs, classified under Improper Certificate Validation. CVSS score: 3.1/10. Published 2025-04-17.
How severe is CVE-2025-26478?: Low severity. CVSS v3 base score is 3.1 out of 10.
Is CVE-2025-26478 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.