Sensitive Information Exposure in Dell PowerProtect Cyber Recovery
CVE-2025-26335

5.8MEDIUM

Key Information:

Vendor: Dell
Status: Powerprotect Cyber Recovery
Vendor: CVE Published:; 11 April 2025

Summary

Dell PowerProtect Cyber Recovery versions before 19.18.0.2 are vulnerable to an issue where sensitive information may be inserted into sent data. This could enable an attacker with high privileges and remote access to exploit the system effectively, leading to potential information exposure. It is crucial for users of the affected versions to apply the necessary updates to mitigate this risk and secure their sensitive data.

Affected Version(s)

PowerProtect Cyber Recovery < 19.18.0.2

References

https://www.dell.com/support/kbdoc/en-us/000306005/dsa-20...

vendor-advisory

CVSS V3.1

Score:

5.8

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Apr 11, 2025
Vulnerability Reserved
Feb 7, 2025