CVE-2025-22479
LOWDell Storage Manager 20.0.21 - Unauthenticated Path Traversal and Script Injection
Title source: llmDescription
Dell Storage Center - Dell Storage Manager, version(s) 20.0.21, contain(s) an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Script injection.
References (1)
Core 1
Core References
Scores
CVSS v3
3.5
EPSS
0.0008
EPSS Percentile
23.2%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-22
Status
published
Products (3)
dell/storage_manager
16.3.20
dell/storage_manager
2016 r2.1
dell/storage_manager
2020 r1 (4 CPE variants)
Published
May 06, 2025
Tracked Since
Feb 18, 2026