Improper Neutralization Vulnerability in Dell Data Protection Advisor Server
CVE-2025-46699

4.3MEDIUM

Key Information:

Vendor: Dell
Status: Data Protection Advisor
Vendor: CVE Published:; 23 January 2026

What is CVE-2025-46699?

A vulnerability exists in the Dell Data Protection Advisor Server, specifically related to improper neutralization of special elements in its template engine. This flaw may allow a low-privileged attacker with remote access to exploit the system, potentially leading to information exposure. Users are advised to upgrade to version 19.12 or later to mitigate potential risks associated with this vulnerability.

Affected Version(s)

Data Protection Advisor < 19.12

References

https://www.dell.com/support/kbdoc/en-us/000281732/dsa-20...

vendor-advisory

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 23, 2026
Vulnerability Reserved
Apr 28, 2025

CVE-2025-46699 Data

JSON