Server-Side Request Forgery in Dell UCC Edge
CVE-2025-22399

7.9 HIGH

Key Information:

Vendor: Dell
Status
Vendor
CVE Published: 11 February 2025

Summary

Dell UCC Edge, specifically version 2.3.0, contains a blind Server-Side Request Forgery (SSRF) vulnerability. An unauthenticated attacker with local access could exploit this vulnerability, potentially leading to unauthorized server requests and data exposure. Users of this product should apply security updates and assess their systems to mitigate the risks associated with this issue.

Affected Version(s)

UCC Edge < 3.0.0

CVSS V3.1

Score: 7.9
Severity: HIGH
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
