CVE-2025-23374 – “Dell Networking Switches Enterprise SONiC OS Log File Information Exfiltration”

The following table lists the changes that have been made to the CVE-2025-23374 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability’s severity, exploitability, or other characteristics.

  • New CVE Received by [email protected]

    Jan. 30, 2025

    Action Type Old Value New Value
    Added Description Dell Networking Switches running Enterprise SONiC OS, version(s) prior to 4.4.1 and 4.2.3, contain(s) an Insertion of Sensitive Information into Log File vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure.
    Added CVSS V3.1 AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
    Added CWE CWE-532
    Added Reference https://www.dell.com/support/kbdoc/en-us/000278568/dsa-2025-057-security-update-for-dell-enterprise-sonic-distribution-vulnerability

نوشته های مشابه

CVE-2024-54851 – Teedy CSRF overposting

CVE-2024-10591 – HubSpot for WooCommerce WordPress Plugin Privilege Escalation Cross-Site Vulnerability

CVE-2024-12129 – WordPress Royal Core Plugin Unauthenticated Privilege Escalation Vulnerability

CVE-2024-12821 – UserPro WordPress Media Manager Unauthorized Data Modification Vulnerability