Command Injection Vulnerability in Dell Storage Manager by Dell
CVE-2025-22476

5.5MEDIUM

Key Information:

Vendor: Dell
Status: Dell Storage Center - Dell Storage Manager
Vendor: CVE Published:; 6 May 2025

What is CVE-2025-22476?

Dell Storage Manager, specifically version 20.1.20, contains a vulnerability that allows for improper neutralization of special elements. This command injection flaw may be exploited by a low privileged user with adjacent network access, potentially allowing them to execute commands remotely. Such exploitation could have significant implications for the integrity and availability of the affected systems.

Affected Version(s)

Dell Storage Center - Dell Storage Manager < 2020 R1.21

References

https://www.dell.com/support/kbdoc/en-us/000317318/dsa-20...

vendor-advisory

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 6, 2025
Vulnerability Reserved
Jan 7, 2025

Credit

Dell would like to thank sradulea and xiaohei from Ubisectech Sirius Team for reporting this issue.