CVE-2025-23376: Dell PowerProtect Data Manager Reporting, version(s) 19.16, 19.17, 19.18, contain(s) an Improper Neutralization of Special Elements Used in a...

2.3 CVSS

Description

Dell PowerProtect Data Manager Reporting, version(s) 19.16, 19.17, 19.18, contain(s) an Improper Neutralization of Special Elements Used in a Template Engine vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to information disclosure.

Classification

CVE ID: CVE-2025-23376

CVSS Base Severity: LOW

CVSS Base Score: 2.3

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

Problem Types

CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine

Affected Products

Vendor: Dell

Product: PowerProtect Data Manager Reporting

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.02% (probability of being exploited)

EPSS Percentile: 4.31% (scored less or equal to compared to others)

EPSS Date: 2025-05-27 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-23376
https://www.dell.com/support/kbdoc/en-us/000311083/dsa-2025-062-security-update-for-dell-powerprotect-data-manager-multiple-security-vulnerabilities

Timeline

2025-04-28 15:40:20 UTC
CVE

Dell PowerProtect Data Manager Reporting, version(s) 19.16, 19.17, 19.18, contain(s) an Improper Neutralization of Special Elements Used in a...