CVE-2025-22399 in UCC Edge
Summary
by MITRE • 02/11/2025
Dell UCC Edge, version 2.3.0, contains a Blind SSRF on Add Customer SFTP Server vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to Server-side request forgery
Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
Analysis
by VulDB Data Team • 12/06/2025
The vulnerability identified as CVE-2025-22399 affects Dell UCC Edge version 2.3.0 and represents a critical blind server-side request forgery flaw within the Add Customer SFTP Server functionality. This vulnerability stems from insufficient input validation and sanitization mechanisms that fail to properly restrict external requests originating from the application's backend services. The flaw exists in the customer SFTP server configuration interface where user-supplied parameters are directly processed without adequate security controls to prevent unauthorized external resource access.
The technical implementation of this vulnerability allows an attacker with local system access to manipulate the SFTP server addition process by injecting malicious parameters that trigger unintended server-side requests. The blind nature of this SSRF means that the attacker cannot directly observe the responses from the forged requests, but can still leverage the vulnerability to perform reconnaissance, access internal network services, or potentially exfiltrate data from systems that are normally protected by network segmentation. The vulnerability specifically impacts the application's ability to validate and sanitize inputs during the SFTP server configuration workflow, creating an attack surface where external URLs or IP addresses can be submitted without proper validation.
From an operational perspective, this vulnerability presents significant risk to organizations relying on Dell UCC Edge for customer management and file transfer operations. The unauthenticated nature of the attack vector combined with the local access requirement means that attackers who have already compromised a system or gained local privileges can leverage this flaw to expand their attack surface within the network environment. The impact extends beyond simple data exfiltration to include potential internal network reconnaissance, service enumeration, and access to sensitive internal systems that may be accessible through the SFTP server configuration process. This vulnerability can be particularly dangerous in enterprise environments where the UCC Edge appliance serves as a central point for managing customer communications and file transfers.
The security implications of this vulnerability align with CWE-918, which specifically addresses server-side request forgery vulnerabilities where attackers can manipulate the target of a server-side request. This flaw also maps to ATT&CK technique T1190, which describes the exploitation of vulnerabilities in remote services to gain access to internal networks. Organizations should prioritize immediate mitigation through software updates and patches provided by Dell to address this vulnerability. Network segmentation controls should be implemented to limit local access privileges, and input validation mechanisms should be strengthened to prevent parameter injection attacks. Additionally, monitoring for unusual SFTP server configuration activities and implementing proper access controls for local system access can help detect and prevent exploitation attempts of this vulnerability.