CVE-2025-22394 MEDIUM

CVE-2025-22394

Vendor Dell
Product Dell Display Manager
Weakness CWE-367
Published January 15, 2025
Last update January 15, 2025

CVSS base score

6.7/10
Attack vector Local
Attack complexity High
Privileges required Low
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

Dell Display Manager, versions prior to 2.3.2.18, contain a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to code execution and possibly privilege escalation.

Key dates

02Disclosure timeline

January 15, 2025 CVE published
January 15, 2025 Record updated