
Multiple Dell PowerProtect Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2025-23377 CVSS:4.2

Dell PowerProtect Data Manager Reporting contains an Improper Encoding or Escaping of Output vulnerability. A high-privileged attacker with local access could potentially exploit this vulnerability to inject arbitrary web script or HTML into reporting outputs.

CVE-2025-23376 CVSS:2.3

Dell PowerProtect Data Manager Reporting contains an Improper Neutralization of Special Elements Used in a Template Engine vulnerability. A high-privileged attacker with local access could potentially exploit this vulnerability, leading to information disclosure.

CVE-2025-23375 CVSS:7.8

Dell PowerProtect Data Manager Reporting contains an Incorrect Use of Privileged APIs vulnerability. A low-privileged attacker with local access could potentially exploit this vulnerability, leading to elevation of privileges.

Impact

  • Gain Access
  • Privilege Escalation
  • Information Disclosure

Indicators of Compromise

CVE

  • CVE-2025-23377

  • CVE-2025-23376

  • CVE-2025-23375

Affected Vendors

  • Dell

Affected Products

  • Dell PowerProtect Data Manager Software 19.15.0 - 19.18.0

Remediation

Refer to Dell Security Advisory for patch, upgrade, or suggested workaround information.

Dell Security Advisory