CVE-2025-23377

CVSS 3.1 Score 3.4 of 10 (low)

Details

Published Apr 28, 2025

Updated: May 13, 2025

CWE ID 116

Summary

CVE-2025-23377 is a vulnerability affecting Dell PowerProtect Data Manager Reporting versions 19.17 and 19.18. This issue involves improper encoding or escaping of output, which can allow a high privileged attacker with local access to inject arbitrary web scripts or HTML into reporting outputs. The exploitation of this vulnerability could result in unauthorized modification or access to sensitive data. It is essential for organizations using impacted versions to apply patches or updates as soon as possible to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Dell

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/2fHgbD
https://www.cve.org/CVERecord?id=CVE-2025-23377
https://nvd.nist.gov/vuln/detail/CVE-2025-23377

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Threats to the 2025 NATO Summit

Artificial Eyes: Generative AI in China’s Military Intelligence

GrayAlpha Uses Diverse Infection Vectors to Deploy PowerNet Loader and NetSupport RAT

Know What Matters

For Customers

For Partners

CVE-2025-23377

CVSS 3.1 Score 3.4 of 10 (low)

Details

Summary

Affected Vendors

Advisories, Assessments, and Mitigations