Critical NetApp SnapCenter Server Vulnerability Let Attackers Become an Admin User

A high-severity security vulnerability discovered in NetApp SnapCenter could allow authenticated users to gain administrative privileges on remote systems, posing significant risks to organizational data and infrastructure security. 

Security researchers have identified this vulnerability, CVE-2025-26512, which carries a critical CVSS score of 9.9.

NetApp released a security advisory on March 24, 2025, detailing a privilege escalation flaw affecting SnapCenter versions prior to 6.0.1P1 and 6.1P1. 

The vulnerability may allow an authenticated SnapCenter Server user to become an admin user on remote systems where a SnapCenter plug-in has been installed.

The vulnerability has been assigned the following CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H, indicating its critical nature with high impacts on confidentiality, integrity, and availability.

Stop attacks before they start, powered by a 97% precise neural Network to Detect Cyber Attacks

NetApp SnapCenter Server Vulnerability

“SnapCenter versions prior to 6.0.1P1 and 6.1P1 are susceptible to a vulnerability which may allow an authenticated SnapCenter Server user to become an admin user on a remote system where a SnapCenter plug-in has been installed,” reads the advisory.

The summary of the vulnerability is given below:

Risk Factors	Details
Affected Products	SnapCenter versions prior to 6.0.1P1 and 6.1P1
Impact	Allows an authenticated SnapCenter Server user to become an admin user
Exploit Prerequisites	Authentication as a SnapCenter Server user
CVSS 3.1 Score	9.9 (CRITICAL)

Successful exploitation of this vulnerability could have severe consequences. According to security experts, an attacker with low-privilege access to the SnapCenter Server could exploit this vulnerability to gain administrative control over remote systems. 

This elevation of privileges could potentially lead to:

• Complete system compromise
• Unauthorized data access and theft
• System modifications without authorization
• Lateral movement within the network

The vulnerability particularly concerns organizations that rely on SnapCenter Software. This simple, centralized, scalable platform provides application-consistent data protection for applications, databases, host file systems, and VMs running on ONTAP systems anywhere in the Hybrid Cloud.

Mitigation Steps

NetApp is providing software fixes to address this vulnerability. Users can obtain these fixes through the NetApp Support website in the Software Download section. 

Organizations using affected SnapCenter versions should take immediate action by:

• Upgrading to SnapCenter versions 6.0.1P1 or 6.1P1.
• Implementing strict access controls for SnapCenter Server.
• Monitoring for suspicious administrative activities.
• Conducting thorough security audits of systems with SnapCenter plug-ins.
• Limiting network access to SnapCenter Server to trusted networks.

As of March 26, 2025, there is no evidence of public exploitation of this vulnerability. However, given its critical severity rating, organizations should prioritize patching to mitigate potential risks.

Users of affected SnapCenter versions are strongly advised to visit the NetApp Support website and apply the provided updates as soon as possible.

Investigate Real-World Malicious Links & Phishing Attacks With Threat Intelligence Lookup - Try for Free