CVE-2025-36603 MEDIUM

CVE-2025-36603

Vendor Dell
Product AppSync
Weakness CWE-611 · XXE
Published July 21, 2025
Last update July 21, 2025

CVSS base score

4.2/10
Attack vector Local
Attack complexity High
Privileges required Low
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L

What the vulnerability does

01Description

Dell AppSync, version(s) 4.6.0.0, contains an Improper Restriction of XML External Entity Reference vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure and Information tampering.

Key dates

02Disclosure timeline

July 21, 2025 CVE published
July 21, 2025 Record updated