CVE-2025-22478

{"id": "CVE-2025-22478", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security_alert@emc.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 2.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 2.8}]}, "published": "2025-05-06T16:15:27.210", "references": [{"url": "https://www.dell.com/support/kbdoc/en-us/000317318/dsa-2025-191-security-update-for-storage-center-dell-storage-manager-vulnerabilities", "tags": ["Vendor Advisory"], "source": "security_alert@emc.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security_alert@emc.com", "description": [{"lang": "en", "value": "CWE-611"}]}], "descriptions": [{"lang": "en", "value": "Dell Storage Center - Dell Storage Manager, version(s) 20.1.20, contain(s) an Improper Restriction of XML External Entity Reference vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Information disclosure and Information tampering."}, {"lang": "es", "value": "Dell Storage Center - Dell Storage Manager, versi\u00f3n 20.1.20, presenta una vulnerabilidad de restricci\u00f3n incorrecta de referencias a entidades externas XML. Un atacante no autenticado con acceso a la red adyacente podr\u00eda explotar esta vulnerabilidad, lo que podr\u00eda provocar la divulgaci\u00f3n y manipulaci\u00f3n de informaci\u00f3n."}], "lastModified": "2025-05-13T20:17:50.513", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:dell:storage_manager:16.3.20:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4B35D3F3-363D-42AF-A582-FFA03154B20A"}, {"criteria": "cpe:2.3:a:dell:storage_manager:2016:r2.1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "43A8A705-CD7C-4AE8-9175-923BCE7BB6F1"}, {"criteria": "cpe:2.3:a:dell:storage_manager:2020:r1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "567442CC-381B-43A1-ADE9-AE00075021D4"}, {"criteria": "cpe:2.3:a:dell:storage_manager:2020:r1.10:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B978EFB1-877F-4091-A401-F1861229E033"}, {"criteria": "cpe:2.3:a:dell:storage_manager:2020:r1.2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "263E78BD-D8C0-480F-9EED-D5496708CFCD"}, {"criteria": "cpe:2.3:a:dell:storage_manager:2020:r1.20:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1055DB85-9105-44E5-9CEB-509C7F7041FE"}], "operator": "OR"}]}], "sourceIdentifier": "security_alert@emc.com"}