CVE-2025-46699 — Improper Neutralization of Special Elements Used in a Template Engine in Dell Data Protection Advisor

CWE-1336 — Improper Neutralization of Special Elements Used in a Template Engine3 documents3 sources

Severity

6.5MEDIUMNVD

CNA4.3

EPSS

0.0%

top 95.71%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dell Data Protection Advisor

Timeline

PublishedJan 23

Description

Dell Data Protection Advisor, versions prior to 19.12, contains an Improper Neutralization of Special Elements Used in a Template Engine vulnerability in the Server. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5dell/data_protection_advisorN/A — 19.12

▶NVDdell/data_protection_advisor19.9 — 19.12

🔴Vulnerability Details

GHSA

GHSA-79rg-2hx6-cpcp: Dell Data Protection Advisor, versions prior to 19↗2026-01-23

▶

CVEList

CVE-2025-46699: Dell Data Protection Advisor, versions prior to 19↗2026-01-23

▶