Improper Encoding Flaw in Dell PowerProtect Data Manager
CVE-2025-23377

3.4 LOW

Key Information:

Vendor: Dell

CVE Published: 28 April 2025

What is CVE-2025-23377?

Dell PowerProtect Data Manager versions 19.17 and 19.18 contain an improper encoding or escaping of output vulnerability. A high-privileged attacker with local access could exploit it to inject arbitrary web scripts or HTML into reporting outputs. Such an exploit may lead to unauthorized access to, or manipulation of, sensitive information presented in the reports.

Affected Version(s)

PowerProtect Data Manager 19.15.0 <= 19.18.0-23

CVSS V3.1

Score: 3.4
Severity: LOW
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Local
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
