CVE-2025-22478

HIGH

8.1

Description

Dell Storage Center - Dell Storage Manager, version(s) 20.1.20, contain(s) an Improper Restriction of XML External Entity Reference vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Information disclosure and Information tampering.

CVE Details

CVSS v3.1 Score8.1

SeverityHIGH

CVSS VectorCVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Attack VectorADJACENT_NETWORK

ComplexityLOW

Privileges RequiredNONE

User InteractionNONE

Published5/6/2025

Last Modified5/13/2025

Sourcenvd

Honeypot Sightings0

Affected Products

dell:storage_manager

Weaknesses (CWE)

CWE-611

References

https://www.dell.com/support/kbdoc/en-us/000317318/dsa-2025-191-security-update-for-storage-center-dell-storage-manager-vulnerabilities(security_alert@emc.com)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.