CVE-2025-23376 LOW

CVE-2025-23376

Vendor Dell
Product PowerProtect Data Manager Reporting
Weakness CWE-1336
Published April 28, 2025
Last update April 28, 2025

CVSS base score

2.3/10
Attack vector Local
Attack complexity Low
Privileges required High
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

Dell PowerProtect Data Manager Reporting, version(s) 19.16, 19.17, 19.18, contain(s) an Improper Neutralization of Special Elements Used in a Template Engine vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to information disclosure.

Key dates

02Disclosure timeline

April 28, 2025 CVE published
April 28, 2025 Record updated