NetApp Security Advisory NTAP-20250620-0007 on Resolved Vulnerability in ONTAP 9
Concerning Trusted Platform Module (TPM) library
This is a Press Release edited by StorageNewsletter.com on February 16, 2026 at 2:00 pmNetApp, Inc. had published a security advisory concerning Trusted Platform Module 2.0 resolved vulnerability in its products.
Advisory ID: NTAP-20250620-0007
Version: 2.0
Last updated: 02/06/2026
Status: Final
CVEs: CVE-2025-2884
Summary
Multiple NetApp products incorporate the Trusted Platform Module (TPM) library. The TPM 2.0 reference library specification published by the Trusted Computing Group is susceptible to a vulnerability which when exploited could allow an authenticated local attacker to send malicious commands to a vulnerable TPM interface, resulting in information disclosure or denial of service of the TPM.
Impact
Successful exploitation of these vulnerabilities could lead to disclosure of sensitive information or Denial of Service (DoS).
Affected Products: ONTAP 9
ONTAP 9:
Theoretically exploitable by an attacker with physical access to a system with a TPM and the ability to install a custom package that can bypass ONTAP security protections.
Vulnerability Scoring Details
|
CVE |
CVSS Score |
Vector |
|---|---|---|
|
CVE-2025-2884 |
MEDIUM (6.6) |
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H |
Software Versions and Fixes
NetApp’s currently available patches are listed below.
Product:
First Fixed in Release ONTAP 9: https://mysupport.netapp.com/site/products/all/details/ontap9/downloads-tab/download/62286/9.18.1
Status of This Notice: Final
This advisory should be considered the single source of current, up-to-date, authorized and accurate information from NetApp regarding Full Support products and versions.
This advisory is posted at the following link: https://security.netapp.com/advisory/NTAP-20250620-0007
Revision History:
|
Revision # |
Date |
Comments |
|---|---|---|
|
2.0 |
20260206 |
ONTAP 9.18.1 added to Software Versions and Fixes, Final status |
|
1.0 |
20250620 |
Initial Public Release |
Exploitation and Public Announcements
NetApp is aware of public discussion of this vulnerability.
References
NetApp will continue to update this advisory as additional information becomes available.
This advisory should be considered the single source of current, up-to-date, authorized and accurate information from NetApp regarding Full Support products and versions.
This document is provided solely for informational purposes. All information is based upon NetApp’s current knowledge and understanding of the hardware and software products tested by NetApp, and the methodology and assumptions used by NetApp. NetApp is not responsible for any errors or omissions that may be contained herein, and no warranty, representation, or other legal commitment or obligation is being provided by NetApp. © 2026 NetApp, Inc. All rights reserved. No portions of this document may be reproduced without prior written consent of NetApp, Inc.
Subscribe to our free daily newsletter
