CVE-2025-23374: Dell Networking Switches running Enterprise SONiC OS, version(s) prior to 4.4.1 and 4.2.3, contain(s) an Insertion of Sensitive Information into...

8.0 CVSS

Description

Dell Networking Switches running Enterprise SONiC OS, version(s) prior to 4.4.1 and 4.2.3, contain(s) an Insertion of Sensitive Information into Log File vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure.

Classification

CVE ID: CVE-2025-23374

CVSS Base Severity: HIGH

CVSS Base Score: 8.0

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

Affected Products

Vendor: Dell

Product: Enterprise SONiC OS

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.05% (probability of being exploited)

EPSS Percentile: 21.08% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-02-28 (date this score was calculated)

References

https://www.dell.com/support/kbdoc/en-us/000278568/dsa-2025-057-security-update-for-dell-enterprise-sonic-distribution-vulnerability

Timeline