DSA-2025-373: Security Update for Dell Repository Manager Vulnerability
Summary: Dell Repository Manager remediation is available for Time-of-Check to Time-of-Use (TOCTOU) race condition that could be exploited by malicious users to compromise the affected system.
Impact
High
Details
|
Proprietary Code CVEs |
Description |
CVSS Base Score |
CVSS Vector String |
|
CVE-2025-45376 |
Dell Repository Manager (DRM), versions 3.4.7 and 3.4.8, contains an Improper Handling of Insufficient Permissions or Privileges vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges. |
7.5 |
|
Proprietary Code CVEs |
Description |
CVSS Base Score |
CVSS Vector String |
|
CVE-2025-45376 |
Dell Repository Manager (DRM), versions 3.4.7 and 3.4.8, contains an Improper Handling of Insufficient Permissions or Privileges vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges. |
7.5 |
Affected Products & Remediation
|
Product |
Affected Versions |
Remediated Versions |
Link |
|
Dell Repository Manager |
Versions 3.4.7 and 3.4.8 |
Version 3.4.9 |
https://www.dell.com/support/home/drivers/driversdetails?driverId=915XT |
|
Product |
Affected Versions |
Remediated Versions |
Link |
|
Dell Repository Manager |
Versions 3.4.7 and 3.4.8 |
Version 3.4.9 |
https://www.dell.com/support/home/drivers/driversdetails?driverId=915XT |
No action required from the customer if DRM v3.4.9 is already installed by the customer. However, we recommend the workaround mentioned above.
Workarounds & Mitigations
|
CVE ID |
Workaround and Mitigation |
|
CVE-2025-45376 |
Ensure there is no symbolic link to DRM working directory and its sub-directories. |
Revision History
|
Revision |
Date |
Description |
|
1.0 |
2025-09-29 |
Initial Release |
Acknowledgements
Dell would like to thank Ouallaout Noureddine for reporting this issue.