CVE-2025-9086 Libcurl Vulnerability in NetApp Products
Summary
Multiple NetApp products incorporate Libcurl. Libcurl versions 7.31.0 through 8.15.0 are susceptible to a vulnerability which when successfully exploited could lead to addition or modification of data or Denial of Service (DoS). Successful exploitation of this vulnerability could lead to addition or modification of data or Denial of Service (DoS). Affected products: Active IQ Unified Manager for Linux, Active IQ Unified Manager for VMware vSphere, NetApp HCI Baseboard Management Controller (BMC) - H610S, ONTAP 9, ONTAP Select Deploy administration utility. NetApp reports that one or more additional products remain under investigation; review the canonical advisory for current status. NetApp states there is no workaround available at this time.
- 7.31.0
- 8.15.0
Official advisory · high-confidence parse· fetched 3 hours ago·verify at source
- Active IQ Unified Manager for VMware vSphere: 9.18P2
- ONTAP 9: 9.13.1P21
- ONTAP 9: 9.17.1P9
- ONTAP 9: 9.18.1P4
Official advisory · high-confidence parse· fetched 3 hours ago·verify at source
Mitigation checklist
- Update affected NetApp products to a fixed release: Active IQ Unified Manager for VMware vSphere: 9.18P2, ONTAP 9: 9.13.1P21, ONTAP 9: 9.17.1P9, ONTAP 9: 9.18.1P4.
- NetApp HCI Baseboard Management Controller (BMC) - H610S has no planned fix; migrate to a supported release or product and consult NetApp's end-of-support notice.
Official advisory · high-confidence parse· fetched 3 hours ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.