Skip to main content

Storage Manager CVE-2025-22476

MEDIUM
Command Injection (CWE-77)
2025-05-06 security_alert@emc.com
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
Low

Lifecycle Timeline

2
Analysis Generated
Mar 28, 2026 - 18:40 vuln.today
CVE Published
May 06, 2025 - 17:15 nvd
MEDIUM 5.5

DescriptionCVE.org

Dell Storage Center - Dell Storage Manager, version(s) 20.1.20, contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with adjacent network access could potentially exploit this vulnerability, leading to Remote execution.

AnalysisAI

Dell Storage Center - Dell Storage Manager, version(s) 20.1.20, contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Command Injection (CWE-77), which allows attackers to inject arbitrary commands into system command execution. Dell Storage Center - Dell Storage Manager, version(s) 20.1.20, contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with adjacent network access could potentially exploit this vulnerability, leading to Remote execution. Affected products include: Dell Storage Manager.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use parameterized APIs, avoid shell execution, validate input with strict allowlists.

CVE-2015-5371 CRITICAL POC
10.0 Jul 06

The AuthenticationFilter class in SolarWinds Storage Manager allows remote attackers to upload and execute arbitrary scr

CVE-2012-2576 CRITICAL POC
9.8 Dec 20

SQL injection vulnerability in the LoginServlet page in SolarWinds Storage Manager before 5.1.2, SolarWinds Storage Prof

CVE-2015-7838 CRITICAL
10.0 Oct 15

ProcessFileUpload.jsp in SolarWinds Storage Manager before 6.2 allows remote attackers to upload and execute arbitrary f

CVE-2017-14374 CRITICAL
9.8 Dec 06

The SMI-S service in Dell Storage Manager versions earlier than 16.3.20 (aka 2016 R3.20) is protected using a hard-coded

CVE-2021-32522 CRITICAL
9.8 Jul 07

Improper restriction of excessive authentication attempts vulnerability in QSAN Storage Manager, XEVO, SANOS allows remo

CVE-2021-32521 CRITICAL
9.8 Jul 07

Use of MAC address as an authenticated password in QSAN Storage Manager, XEVO, SANOS allows local attackers to escalate

CVE-2021-32520 CRITICAL
9.8 Jul 07

Use of hard-coded cryptographic key vulnerability in QSAN Storage Manager allows attackers to obtain users’ credentials

CVE-2021-32513 CRITICAL
9.8 Jul 07

QsanTorture in QSAN Storage Manager does not filter special parameters properly that allows remote unauthenticated attac

CVE-2021-32512 CRITICAL
9.8 Jul 07

QuickInstall in QSAN Storage Manager does not filter special parameters properly that allows remote unauthenticated atta

CVE-2025-22477 HIGH
8.3 May 06

Dell Storage Center - Dell Storage Manager, version(s) 20.1.20, contain(s) an Improper Authentication vulnerability. Rat

CVE-2025-22478 HIGH
8.1 May 06

Dell Storage Center - Dell Storage Manager, version(s) 20.1.20, contain(s) an Improper Restriction of XML External Entit

CVE-2021-32527 HIGH
7.5 Jul 07

Path traversal vulnerability in QSAN Storage Manager allows remote unauthenticated attackers to download arbitrary files

Share

CVE-2025-22476 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy