Cyber Resilience

CVE-2025-23374

High

Published: 30 January 2025

Modified: 07 February 2025
KEV Added:
Patch:
CVSS Score v3.1: 8.0 (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H)
EPSS Score: 0.0017 (37.5th percentile)
Risk Priority: 16 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-23374 is a high-severity Insertion of Sensitive Information into Log File (CWE-532) vulnerability in Dell Enterprise SONiC Distribution. Its CVSS base score is 8.0 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Data from Local System (T1005). The CVE ranks at the 37.5th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AU-9 (Protection of Audit Information) and SI-11 (Error Handling).

Deeper analysis

CVE-2025-23374 is an Insertion of Sensitive Information into Log File vulnerability (CWE-532) affecting Dell Networking Switches running Enterprise SONiC OS in versions prior to 4.4.1 and 4.2.3. This flaw allows sensitive information to be logged, potentially exposing it to unauthorized viewers. The vulnerability received a CVSS v3.1 base score of 8.0 (AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H), indicating high severity due to network accessibility, changed scope, and high impacts across confidentiality, integrity, and availability.

A high-privileged attacker with remote access could exploit this vulnerability to achieve information exposure. The required privileges and high attack complexity limit feasibility to insiders or compromised high-level accounts, but successful exploitation could reveal sensitive data from log files, potentially enabling further compromise given the CVSS impacts on integrity and availability.

Dell's security advisory DSA-2025-057 provides a security update for the Dell Enterprise SONiC distribution vulnerability, available at https://www.dell.com/support/kbdoc/en-us/000278568/dsa-2025-057-security-update-for-dell-enterprise-sonic-distribution-vulnerability. Practitioners running versions prior to 4.4.1 and 4.2.3 should apply the relevant patches to mitigate the issue.

Vulnerability details

Dell Networking Switches running Enterprise SONiC OS, version(s) prior to 4.4.1 and 4.2.3, contain(s) an Insertion of Sensitive Information into Log File vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure.

Related Threats

MITRE ATT&CK Enterprise Techniques AI

T1005: Data from Local System (Collection)
Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.
Why these techniques?

The vulnerability inserts sensitive data into log files on the local system; a high-privileged remote attacker can access and read these logs to achieve information exposure, directly facilitating data collection from local system sources.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-28261 · Same vendor: Dell
CVE-2026-23775 · Same vendor: Dell
CVE-2025-36589 · Same vendor: Dell
CVE-2025-24984 · Shared CWE-532
CVE-2025-0976 · Shared CWE-532
CVE-2025-21105 · Same vendor: Dell
CVE-2025-27688 · Same vendor: Dell
CVE-2025-24379 · Same vendor: Dell
CVE-2026-22284 · Same vendor: Dell
CVE-2026-22279 · Same vendor: Dell

Affected Assets

Vendor: dell
Product: enterprise sonic distribution
Versions: 4.4.0 · ≤ 4.2.3

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly mitigates the CVE by requiring timely identification, reporting, and correction of the specific flaw in Enterprise SONiC OS that inserts sensitive information into log files.

prevent

Prevents insertion of sensitive information into log files by enforcing error handling that limits diagnostic and error information to non-sensitive data only.

prevent

Protects audit and log files containing sensitive information from unauthorized access, modification, or deletion by high-privileged remote attackers.
