CVE-2025-22476

Published: May 6, 2025Modified: Nov 4, 2025

8.0

Vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.1 / Impact: 5.9

Source: NVD

Description

Dell Storage Center - Dell Storage Manager, version(s) 20.1.20, contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with adjacent network access could potentially exploit this vulnerability, leading to Remote execution.

Affected (5)

Products: Dell: Storage Manager

Dell

1 product

Storage Manager

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Dell Storage Manager	Before 2020
Dell Storage Manager	Version 2020 r1.10
Dell Storage Manager	Version 2020 r1.20
Dell Storage Manager	Version 2020 r1.2
Dell Storage Manager	Version 2020 r1

Related CWEs

CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

References (1)

https://www.dell.com/support/kbdoc/en-us/000317318/dsa-2025-191-security-update-for-storage-center-dell-storage-manager-vulnerabilities

Source: security_alert@emc.com

Vendor Advisory

Timeline

No history available yet.