Improper Encoding Flaw in Dell PowerProtect Data Manager
CVE-2025-23377

4.2MEDIUM

Key Information:

Vendor: Dell
Status: Powerprotect Data Manager
Vendor: CVE Published:; 28 April 2025

Summary

Dell PowerProtect Data Manager versions 19.17 and 19.18 are susceptible to a vulnerability that arises from improper encoding or escaping of output. This security flaw could allow a high-privileged attacker with local access to exploit the vulnerability, thereby injecting arbitrary web scripts or HTML into reporting outputs. Such an exploit may lead to unauthorized access or manipulation of sensitive information presented in the reports.

Affected Version(s)

PowerProtect Data Manager 19.15.0 <= 19.18.0-23

References

https://www.dell.com/support/kbdoc/en-us/000311083/dsa-20...

vendor-advisory

CVSS V3.1

Score:

4.2

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Apr 28, 2025
Vulnerability Reserved
Jan 15, 2025