Improper Encoding Flaw in Dell PowerProtect Data Manager
CVE-2025-23377

3.4LOW

Key Information:

Vendor: Dell
Status: Powerprotect Data Manager
Vendor: CVE Published:; 28 April 2025

What is CVE-2025-23377?

Dell PowerProtect Data Manager versions 19.17 and 19.18 are susceptible to a vulnerability that arises from improper encoding or escaping of output. This security flaw could allow a high-privileged attacker with local access to exploit the vulnerability, thereby injecting arbitrary web scripts or HTML into reporting outputs. Such an exploit may lead to unauthorized access or manipulation of sensitive information presented in the reports.

Affected Version(s)

PowerProtect Data Manager 19.15.0 <= 19.18.0-23

References

https://www.dell.com/support/kbdoc/en-us/000311083/dsa-20...

vendor-advisory

CVSS V3.1

Score:

3.4

Severity:

LOW

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 28, 2025
Vulnerability Reserved
Jan 15, 2025