
Multiple Dell Storage Manager Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2025-22476 CVSS:5.5

Dell Storage Center - Dell Storage Manager contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with adjacent network access could potentially exploit this vulnerability, leading to Remote execution.

CVE-2025-22477 CVSS:8.3

Dell Storage Center - Dell Storage Manager contains an Improper Authentication vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Elevation of privileges.

CVE-2025-22478 CVSS:8.1

Dell Storage Center - Dell Storage Manager contains an Improper Restriction of XML External Entity Reference vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Information disclosure and Information tampering.

CVE-2025-22479 CVSS:3.5

Dell Storage Center - Dell Storage Manager contains an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Script injection.

CVE-2025-23379 CVSS:3.5

Dell Storage Center - Dell Storage Manager contains an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Script injection.

Impact

  • Information Disclosure
  • Data Manipulation
  • Cross-Site Scripting
  • Privilege Escalation

Indicators of Compromise

CVE

  • CVE-2025-22476
  • CVE-2025-22477
  • CVE-2025-22478
  • CVE-2025-22479
  • CVE-2025-23379

Affected Vendors

  • Dell

Affected Products

  • Dell Storage Manager - 20.1.20

Remediation

Refer to the Dell Security Advisory for patch, upgrade, or suggested workaround information.

Dell Security Advisory