CVE-2025-15579 CRITICAL

CVE-2025-15579: An Insecure Deserialization vulnerability has been discovered in OpenText™ Directory Services.

Vendor Opentext™
Product Directory Services
Weakness CWE-502 · Unsafe deserialization
Published February 18, 2026
Last update February 27, 2026

CVSS base score

9.5/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:P/AU:Y/R:U/V:C/RE:M/U:Red

What the vulnerability does

01Description

Deserialization of Untrusted Data vulnerability in OpenText™ Directory Services allows Object Injection.  The vulnerability could lead to remote code execution, denial of service, or privilege escalation. This issue affects Directory Services: before 24.4.16, from 25.1 before 25.1.9, from 25.2 before 25.2.9, from 25.3 before 25.3.8, from 25.4 before 25.4.5, from 26.1 before 26.1.2.

Key dates

02Disclosure timeline

February 18, 2026 CVE published
February 27, 2026 Record updated