Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
9.5
OpenText Directory Services: Untrusted Data Can Execute Malicious Code Remotely
CVE-2025-15579
Summary
A security flaw in OpenText Directory Services allows hackers to execute unauthorized code on your system, potentially causing harm. If left unpatched, this could lead to system crashes or unauthorized access to sensitive information. You should update to the latest version of OpenText Directory Services, specifically version 24.4.16 or later, or version 25.1.9 or later, depending on your version.
Original title
Deserialization of Untrusted Data vulnerability in OpenText™ Directory Services allows Object Injection.
The vulnerability could lead to remote code execution, denial of service, or privilege esc...
Original description
Deserialization of Untrusted Data vulnerability in OpenText™ Directory Services allows Object Injection.
The vulnerability could lead to remote code execution, denial of service, or privilege escalation.
This issue affects Directory Services: before 24.4.16, from 25.1 before 25.1.9, from 25.2 before 25.2.9, from 25.3 before 25.3.8, from 25.4 before 25.4.5, from 26.1 before 26.1.2.
The vulnerability could lead to remote code execution, denial of service, or privilege escalation.
This issue affects Directory Services: before 24.4.16, from 25.1 before 25.1.9, from 25.2 before 25.2.9, from 25.3 before 25.3.8, from 25.4 before 25.4.5, from 26.1 before 26.1.2.
nvd CVSS4.0
9.5
Vulnerability type
CWE-502
Deserialization of Untrusted Data
Published: 18 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026