Cyber Posture

CVE-2025-22399

High

Published: 11 February 2025

Modified: 06 December 2025
KEV Added
Patch
CVSS Score: 7.9 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:L)
EPSS Score: 0.0006 (17.0th percentile)
Risk Priority: 16 (60% EPSS · 20% KEV · 20% CVSS)

Description

Dell UCC Edge, version 2.3.0, contains a Blind SSRF vulnerability in the Add Customer SFTP Server feature. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to server-side request forgery.

Security Summary

CVE-2025-22399 is a Blind Server-Side Request Forgery (SSRF) vulnerability, classified under CWE-918, affecting the Add Customer SFTP Server feature in Dell UCC Edge version 2.3.0. It enables server-side request forgery and carries a CVSS v3.1 base score of 7.9 (AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:L). The vulnerability was published on 2025-02-11T17:15:34.453.

An unauthenticated attacker with local access can exploit this vulnerability with low attack complexity and no user interaction. Exploitation leads to server-side request forgery, resulting in high integrity impact, low availability impact, and a changed scope (S:C), while confidentiality remains unaffected.

Dell's security advisory DSA-2025-043 addresses this vulnerability along with multiple others in Dell UCC Edge through a security update. Details are available at https://www.dell.com/support/kbdoc/en-us/000279299/dsa-2025-043-security-update-for-dell-ucc-edge-security-update-for-multiple-vulnerabilities.

Details

CWE(s)
CWE-918

Affected Products

Vendor: dell
Product: utility configuration collector edge
Version: 2.3.0
