CVE-2025-23374

HIGH

Dell Enterprise SONiC <4.2.3/<4.4.1 Authenticated Sensitive Info Exposure via Log File Insertion

Title source: llm

Description

Dell Networking Switches running Enterprise SONiC OS, version(s) prior to 4.4.1 and 4.2.3, contain(s) an Insertion of Sensitive Information into Log File vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure.

References (1)

Core 1

Core References

Vendor Advisory vendor-advisory

https://www.dell.com/support/kbdoc/en-us/000278568/dsa-2025-057-security-update-for-dell-enterprise-sonic-distribution-vulnerability

Scores

CVSS v3 8.0

EPSS 0.0032

EPSS Percentile 23.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-532

Status published

Products (2)

dell/enterprise_sonic_distribution 4.4.0

dell/enterprise_sonic_distribution < 4.2.3

Published Jan 30, 2025

Tracked Since Feb 18, 2026