CVE-2025-22399

CVSS 3.1 Score 7.9 of 10 (high)

Details

Published Feb 11, 2025

CWE ID 918

Summary

CVE-2025-22399 is a newly identified vulnerability affecting Dell UCC Edge version 2.3.0. This issue involves a Blind Server-Side Request Forgery (SSRF) in the "Add Customer SFTP Server" functionality. An attacker with local access can potentially exploit this vulnerability, enabling them to issue unauthorized server-side requests and potentially gain unauthorized access to internal systems or data. The impact of this vulnerability can be significant, as it allows an attacker to bypass authentication and execute arbitrary commands on the affected system. Organizations using Dell UCC Edge version 2.3.0 are advised to apply the necessary patches or updates as soon as possible to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Advisories, Assessments, and Mitigations

Back to Vulnerability Database