CVE-2025-29986

HIGH

Dell CEE 9.0.0.0 - SSRF

Title source: llm

Description

Dell Common Event Enabler, version(s) CEE 9.0.0.0, contain(s) an Improper Restriction of Communication Channel to Intended Endpoints vulnerability in the Common Anti-Virus Agent (CAVA). An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access.

References (1)

[Vendor Advisory] https://www.dell.com/support/kbdoc/en-us/000303931/dsa-2025-158-security-update-for-dell-common-event-enabler-vulnerabilities

Scores

CVSS v3 8.3

EPSS 0.0050

EPSS Percentile 65.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L

Classification

CWE

CWE-923

Status published

Affected Products (1)

dell/common_event_enabler

Timeline

Published Apr 08, 2025

Tracked Since Feb 18, 2026