CVE-2025-23377 MEDIUM

Vendor Dell
Product PowerProtect Data Manager
Weakness CWE-116
Published April 28, 2025
Last update April 28, 2025

CVSS base score

4.2/10
Attack vector Local
Attack complexity Low
Privileges required High
User interaction Required
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N

What the vulnerability does

01 Description

Dell PowerProtect Data Manager Reporting, versions 19.17 and 19.18, contains an Improper Encoding or Escaping of Output vulnerability. A high-privileged attacker with local access could potentially exploit this vulnerability to inject arbitrary web script or HTML into reporting outputs.

Key dates

02 Disclosure timeline

April 28, 2025 CVE published
April 28, 2025 Record updated