CVE-2025-23377

Name of the Vulnerable Software and Affected Versions Dell PowerProtect Data Manager Reporting versions 19.17 through 19.18

Description The issue is related to improper encoding or escaping of output, which could be exploited by an attacker with high privileges and local access to inject arbitrary web script or HTML code into report outputs.

Recommendations For versions 19.17 and 19.18, consider restricting access to the reporting feature until a fix is available. As a temporary workaround, limit the privileges of users who have access to the reporting outputs to minimize the risk of exploitation. Avoid using the reporting feature for sensitive data until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.