CVE-2025-22399

High

Published: 11 February 2025

Published

11 February 2025

Modified

06 December 2025

KEV Added

—

Patch

—

CVSS Score 7.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:L

EPSS Score 0.0006 17.1th percentile

Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-22399 is a high-severity SSRF (CWE-918) vulnerability in Dell Utility Configuration Collector Edge. Its CVSS base score is 7.9 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Network Service Discovery (T1046); ranked at the 17.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Network Service Discovery (T1046) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match

prevent

Directly validates and sanitizes inputs to the Add Customer SFTP Server feature, preventing blind SSRF exploitation by rejecting forged server-side requests.

SI-2 Flaw Remediation good match

prevent

Ensures timely application of security updates like Dell's DSA-2025-043, remediating the specific SSRF flaw in UCC Edge 2.3.0.

SC-7 Boundary Protection partial match

preventdetect

Monitors and controls communications at system boundaries, blocking or detecting unauthorized server-side requests initiated via the SSRF vulnerability.

MITRE ATT&CK Enterprise TechniquesAI

T1046 Network Service Discovery Discovery

Adversaries may attempt to get a listing of services running on remote hosts and local network infrastructure devices, including those that may be vulnerable to remote software exploitation.

attack.mitre.org →

T1018 Remote System Discovery Discovery

Adversaries may attempt to get a listing of other systems by IP address, hostname, or other logical identifier on a network that may be used for Lateral Movement from the current system.

attack.mitre.org →

Why these techniques?

Blind SSRF in local-access feature enables forged server requests for internal network service discovery (T1046) and remote system discovery (T1018) from the server's network perspective.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

NVD Description

Dell UCC Edge, version 2.3.0, contains a Blind SSRF on Add Customer SFTP Server vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to Server-side request forgery

Deeper analysisAI

CVE-2025-22399 is a Blind Server-Side Request Forgery (SSRF) vulnerability, classified under CWE-918, affecting the Add Customer SFTP Server feature in Dell UCC Edge version 2.3.0. It enables server-side request forgery and carries a CVSS v3.1 base score of 7.9 (AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:L). The vulnerability was published on 2025-02-11T17:15:34.453.

An unauthenticated attacker with local access can exploit this vulnerability with low attack complexity and no user interaction. Exploitation leads to server-side request forgery, resulting in high integrity impact, low availability impact, and a high scope change, while confidentiality remains unaffected.

Dell's security advisory DSA-2025-043 addresses this vulnerability along with multiple others in Dell UCC Edge through a security update. Details are available at https://www.dell.com/support/kbdoc/en-us/000279299/dsa-2025-043-security-update-for-dell-ucc-edge-security-update-for-multiple-vulnerabilities.