CVE-2025-23374
Published: 30 January 2025
Summary
CVE-2025-23374 is a high-severity Insertion of Sensitive Information into Log File (CWE-532) vulnerability in Dell Enterprise Sonic Distribution. Its CVSS base score is 8.0 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Data from Local System (T1005); ranked at the 41.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AU-9 (Protection of Audit Information) and SI-11 (Error Handling).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly mitigates the CVE by requiring timely identification, reporting, and correction of the specific flaw in Enterprise SONiC OS that inserts sensitive information into log files.
Prevents insertion of sensitive information into log files by enforcing error handling that limits diagnostic and error information to non-sensitive data only.
Protects audit and log files containing sensitive information from unauthorized access, modification, or deletion by high-privileged remote attackers.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Vulnerability inserts sensitive data into log files on the local system; high-privileged remote attacker can access and read these logs to achieve information exposure, directly facilitating data collection from local system sources.
NVD Description
Dell Networking Switches running Enterprise SONiC OS, version(s) prior to 4.4.1 and 4.2.3, contain(s) an Insertion of Sensitive Information into Log File vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure.
Deeper analysisAI
CVE-2025-23374 is an Insertion of Sensitive Information into Log File vulnerability (CWE-532) affecting Dell Networking Switches running Enterprise SONiC OS in versions prior to 4.4.1 and 4.2.3. This flaw allows sensitive information to be logged, potentially exposing it to unauthorized viewers. The vulnerability received a CVSS v3.1 base score of 8.0 (AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H), indicating high severity due to network accessibility, changed scope, and high impacts across confidentiality, integrity, and availability.
A high-privileged attacker with remote access could exploit this vulnerability to achieve information exposure. The required privileges and high attack complexity limit feasibility to insiders or compromised high-level accounts, but successful exploitation could reveal sensitive data from log files, potentially enabling further compromise given the CVSS impacts on integrity and availability.
Dell's security advisory DSA-2025-057 provides a security update for the Dell Enterprise SONiC distribution vulnerability, available at https://www.dell.com/support/kbdoc/en-us/000278568/dsa-2025-057-security-update-for-dell-enterprise-sonic-distribution-vulnerability. Practitioners should apply the relevant patches to versions prior to 4.4.1 and 4.2.3 to mitigate the issue.
Details
- CWE(s)