CVE-2025-15579 - Vulnerability Details - OpenCVE

Deserialization of Untrusted Data vulnerability in OpenText™ Directory Services allows Object Injection. The vulnerability could lead to remote code execution, denial of service, or privilege escalation. This issue affects Directory Services: from 10.5 through 26.1.

Attack Vector Network

Attack Complexity High

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact High

Subsequent System Integrity Impact High

Subsequent System Availability Impact High

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Exploitation none

Automatable no

Technical Impact total

No data.

No data.

No data.

No data.

References

Link	Providers
https://support.opentext.com/csm?id=ot_kb_unauthenticated&sysparm_article=KB0859600&sys_kb_id=f82c01214707b6144549b6bd416d43b7&spa=1

History

Wed, 18 Feb 2026 19:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Wed, 18 Feb 2026 15:30:00 +0000

Type	Values Removed	Values Added
Description		Deserialization of Untrusted Data vulnerability in OpenText™ Directory Services allows Object Injection. The vulnerability could lead to remote code execution, denial of service, or privilege escalation. This issue affects Directory Services: from 10.5 through 26.1.
Title		An Insecure Deserialization vulnerability has been discovered in OpenText™ Directory Services.
Weaknesses		CWE-502
References		https://support.opentext.com/csm?id=ot_kb_unauthenticated&sysparm_article=KB0859600&sys_kb_id=f82c01214707b6144549b6bd416d43b7&spa=1
Metrics		cvssV4_0 `{'score': 9.5, 'vector': 'CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:P/AU:Y/R:U/V:C/RE:M/U:Red'}`

MITRE

Status: PUBLISHED

Assigner: OpenText

Published: 2026-02-18T14:57:04.010Z

Updated: 2026-02-18T18:20:06.518Z

Reserved: 2026-02-17T15:58:22.563Z

Link: CVE-2025-15579

Vulnrichment

Updated: 2026-02-18T18:19:59.980Z

NVD

Status : Awaiting Analysis

Published: 2026-02-18T16:22:28.290

Modified: 2026-02-18T17:51:53.510

Link: CVE-2025-15579

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-15579", "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84", "state": "PUBLISHED", "assignerShortName": "OpenText", "dateReserved": "2026-02-17T15:58:22.563Z", "datePublished": "2026-02-18T14:57:04.010Z", "dateUpdated": "2026-02-18T18:20:06.518Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Directory Services", "vendor": "OpenText\u2122", "versions": [{"lessThanOrEqual": "26.1", "status": "affected", "version": "10.5", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Dylan Pindur - Assetnote"}, {"lang": "en", "type": "finder", "value": "Adam Kues - Assetnote"}, {"lang": "en", "type": "finder", "value": "Tomais Williamson - Assetnote"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Deserialization of Untrusted Data vulnerability in OpenText\u2122 Directory Services allows Object Injection. The vulnerability could lead to remote code execution, denial of service, or\nprivilege escalation.\n\n<p>This issue affects Directory Services: from 10.5 through 26.1.</p>"}], "value": "Deserialization of Untrusted Data vulnerability in OpenText\u2122 Directory Services allows Object Injection. The vulnerability could lead to remote code execution, denial of service, or\nprivilege escalation.\n\nThis issue affects Directory Services: from 10.5 through 26.1."}], "impacts": [{"capecId": "CAPEC-586", "descriptions": [{"lang": "en", "value": "CAPEC-586 Object Injection"}]}], "metrics": [{"cvssV4_0": {"Automatable": "YES", "Recovery": "USER", "Safety": "PRESENT", "attackComplexity": "HIGH", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 9.5, "baseSeverity": "CRITICAL", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "RED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "NONE", "valueDensity": "CONCENTRATED", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:P/AU:Y/R:U/V:C/RE:M/U:Red", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "MODERATE"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-502", "description": "CWE-502 Deserialization of Untrusted Data", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f81092c5-7f14-476d-80dc-24857f90be84", "shortName": "OpenText", "dateUpdated": "2026-02-18T14:57:04.010Z"}, "references": [{"url": "https://support.opentext.com/csm?id=ot_kb_unauthenticated&sysparm_article=KB0859600&sys_kb_id=f82c01214707b6144549b6bd416d43b7&spa=1"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<a target=\"_blank\" rel=\"nofollow\" href=\"https://support.opentext.com/csm?id=ot_kb_unauthenticated&sysparm_article=KB0859600&sys_kb_id=f82c01214707b6144549b6bd416d43b7&spa=1\">https://support.opentext.com/csm?id=ot_kb_unauthenticated&sysparm_article=KB0859600&sys_kb_id=f82c01214707b6144549b6bd416d43b7&spa=1</a>\n\n<br>"}], "value": "https://support.opentext.com/csm?id=ot_kb_unauthenticated&sysparm_article=KB0859600&sys_kb_id=f82c01214707b6144549b6bd416d43b7&spa=1"}], "source": {"discovery": "UNKNOWN"}, "title": "An Insecure Deserialization vulnerability has been discovered in OpenText\u2122 Directory Services.", "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-18T18:19:55.256380Z", "id": "CVE-2025-15579", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-18T18:20:06.518Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-15579", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-02-18T18:19:55.256380Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-18T18:19:59.980Z"}}], "cna": {"title": "An Insecure Deserialization vulnerability has been discovered in OpenText\u2122 Directory Services.", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Dylan Pindur - Assetnote"}, {"lang": "en", "type": "finder", "value": "Adam Kues - Assetnote"}, {"lang": "en", "type": "finder", "value": "Tomais Williamson - Assetnote"}], "impacts": [{"capecId": "CAPEC-586", "descriptions": [{"lang": "en", "value": "CAPEC-586 Object Injection"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "PRESENT", "version": "4.0", "Recovery": "USER", "baseScore": 9.5, "Automatable": "YES", "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "valueDensity": "CONCENTRATED", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:P/AU:Y/R:U/V:C/RE:M/U:Red", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "RED", "userInteraction": "NONE", "attackComplexity": "HIGH", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "MODERATE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "OpenText\u2122", "product": "Directory Services", "versions": [{"status": "affected", "version": "10.5", "versionType": "custom", "lessThanOrEqual": "26.1"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "https://support.opentext.com/csm?id=ot_kb_unauthenticated&sysparm_article=KB0859600&sys_kb_id=f82c01214707b6144549b6bd416d43b7&spa=1", "supportingMedia": [{"type": "text/html", "value": "<a target=\"_blank\" rel=\"nofollow\" href=\"https://support.opentext.com/csm?id=ot_kb_unauthenticated&sysparm_article=KB0859600&sys_kb_id=f82c01214707b6144549b6bd416d43b7&spa=1\">https://support.opentext.com/csm?id=ot_kb_unauthenticated&sysparm_article=KB0859600&sys_kb_id=f82c01214707b6144549b6bd416d43b7&spa=1</a>\n\n<br>", "base64": false}]}], "references": [{"url": "https://support.opentext.com/csm?id=ot_kb_unauthenticated&sysparm_article=KB0859600&sys_kb_id=f82c01214707b6144549b6bd416d43b7&spa=1"}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "Deserialization of Untrusted Data vulnerability in OpenText\u2122 Directory Services allows Object Injection. The vulnerability could lead to remote code execution, denial of service, or\nprivilege escalation.\n\nThis issue affects Directory Services: from 10.5 through 26.1.", "supportingMedia": [{"type": "text/html", "value": "Deserialization of Untrusted Data vulnerability in OpenText\u2122 Directory Services allows Object Injection. The vulnerability could lead to remote code execution, denial of service, or\nprivilege escalation.\n\n<p>This issue affects Directory Services: from 10.5 through 26.1.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-502", "description": "CWE-502 Deserialization of Untrusted Data"}]}], "providerMetadata": {"orgId": "f81092c5-7f14-476d-80dc-24857f90be84", "shortName": "OpenText", "dateUpdated": "2026-02-18T14:57:04.010Z"}}}, "cveMetadata": {"cveId": "CVE-2025-15579", "state": "PUBLISHED", "dateUpdated": "2026-02-18T18:20:06.518Z", "dateReserved": "2026-02-17T15:58:22.563Z", "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84", "datePublished": "2026-02-18T14:57:04.010Z", "assignerShortName": "OpenText"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Deserialization of Untrusted Data vulnerability in OpenText\u2122 Directory Services allows Object Injection. The vulnerability could lead to remote code execution, denial of service, or\nprivilege escalation.\n\nThis issue affects Directory Services: from 10.5 through 26.1."}], "id": "CVE-2025-15579", "lastModified": "2026-02-18T17:51:53.510", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "YES", "Recovery": "USER", "Safety": "PRESENT", "attackComplexity": "HIGH", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 9.5, "baseSeverity": "CRITICAL", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "RED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "NONE", "valueDensity": "CONCENTRATED", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:Y/R:U/V:C/RE:M/U:Red", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "MODERATE"}, "source": "security@opentext.com", "type": "Secondary"}]}, "published": "2026-02-18T16:22:28.290", "references": [{"source": "security@opentext.com", "url": "https://support.opentext.com/csm?id=ot_kb_unauthenticated&sysparm_article=KB0859600&sys_kb_id=f82c01214707b6144549b6bd416d43b7&spa=1"}], "sourceIdentifier": "security@opentext.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-502"}], "source": "security@opentext.com", "type": "Primary"}]}