CVE-2025-26335

MEDIUM

Dell PowerProtect Cyber Recovery <19.18.0.2 - Info Disclosure

Title source: llm

Description

Dell PowerProtect Cyber Recovery, versions prior to 19.18.0.2, contains an Insertion of Sensitive Information Into Sent Data vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure.

References (1)

[Vendor Advisory] https://www.dell.com/support/kbdoc/en-us/000306005/dsa-2025-113-security-update-for-dell-powerprotect-cyber-recovery

Scores

CVSS v3 5.8

EPSS 0.0023

EPSS Percentile 45.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-201

Status published

Products (1)

dell/powerprotect_cyber_recovery < 19.18.0.2

Published Apr 11, 2025

Tracked Since Feb 18, 2026