DSA-2025-326: Security Update for Dell PowerProtect Data Manager Multiple Security Vulnerabilities
Summary: Dell PowerProtect Data Manager remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.
Impact
High
Additional Details
The Affected Products and Remediation table above may not be a comprehensive list of all affected supported versions and may be updated as more information becomes available.
Details

| Third-party Component | CVEs | More Information |
|---|---|---|
| PPDM Core/UI: | CVE-2025-27210 | |
| Reporting: | CVE-2025-27533 | |
| Apache Commons BeanUtils 1.9.4 and 1.10.0 | CVE-2025-48734 | |
| Apache CXF 4.0.5 | CVE-2025-23184 | |
| Apache Tomcat 10.1.24 and 10.1.34 | CVE-2025-24813, CVE-2025-31651, CVE-2025-31650, CVE-2024-38286 | |
| Infinispan 15.0.4.Final | CVE-2025-0736 | |
| json-smart 2.5.1 | CVE-2024-57699 | |
| Logback 1.5.6 | CVE-2024-12798, CVE-2024-12801 | |
| Netty Project 4.1.110.Final and 4.1.116.Final | CVE-2025-25193 | |
| Nimbus-JOSE-JWT 9.37.3 | CVE-2025-53864 | |
| OTelcol-contrib v0.89.0 | CVE-2024-36129 | |
| Spring Boot 3.3.0 | CVE-2024-38807, CVE-2025-22235 | |
| Spring Framework 6.2.0 | CVE-2024-38820, CVE-2025-22233 | |
| Spring Security 6.3.0 | CVE-2024-38810 | |
| OS Update: | CVE-2025-5278 | |
| coreutils 8.32-150400.9.9.1 | CVE-2025-5278 | |
| java-17-openjdk-headless 17.0.16.0-150400.3.57.1 | CVE-2025-30749, CVE-2025-30754, CVE-2025-50059, CVE-2025-50106 | |
| sudo-plugin-python 1.9.9-150400.4.39.1 | CVE-2025-32462 | |
| sudo 1.9.9-150400.4.39.1 | CVE-2025-32462 | |
| libgnutls30-hmac 3.7.3-150400.4.50.1 | CVE-2024-12243, CVE-2025-32988, CVE-2025-32989, CVE-2025-32990, CVE-2025-6395 | |
| libgnutls30 3.7.3-150400.4.50.1 | CVE-2024-12243, CVE-2025-32988, CVE-2025-32989, CVE-2025-32990, CVE-2025-6395 | |
| boost-license1_66_0 1.66.0-150200.12.7.1 | CVE-2016-9840 | |
| libboost_system1_66_0 1.66.0-150200.12.7.1 | CVE-2016-9840 | |
| libboost_thread1_66_0 1.66.0-150200.12.7.1 | CVE-2016-9840 | |
| kernel-default 5.14.21-150400.24.170.2 | CVE-2021-47557, CVE-2021-47595, CVE-2022-49110, CVE-2022-49139, CVE-2022-49767, CVE-2022-49769, CVE-2022-49770, CVE-2022-49771, CVE-2022-49772, CVE-2022-49775, CVE-2022-49776, CVE-2022-49777, CVE-2022-49779, CVE-2022-49783, CVE-2022-49787, CVE-2022-49788, CVE-2022-49789, CVE-2022-49790, CVE-2022-49792, CVE-2022-49793, CVE-2022-49794, CVE-2022-49796, CVE-2022-49797, CVE-2022-49799, CVE-2022-49800, CVE-2022-49801, CVE-2022-49802, CVE-2022-49807, CVE-2022-49809, CVE-2022-49810, CVE-2022-49812, CVE-2022-49813, CVE-2022-49818, CVE-2022-49821, CVE-2022-49822, CVE-2022-49823, CVE-2022-49824, CVE-2022-49825, CVE-2022-49826, CVE-2022-49827, CVE-2022-49830, CVE-2022-49832, CVE-2022-49834, CVE-2022-49835, CVE-2022-49836, CVE-2022-49839, CVE-2022-49841, CVE-2022-49842, CVE-2022-49845, CVE-2022-49846, CVE-2022-49850, CVE-2022-49853, CVE-2022-49858, CVE-2022-49860, CVE-2022-49861, CVE-2022-49863, CVE-2022-49864, CVE-2022-49865, CVE-2022-49868, CVE-2022-49869, CVE-2022-49870, CVE-2022-49871, CVE-2022-49874, CVE-2022-49879, CVE-2022-49880, CVE-2022-49881, CVE-2022-49885, CVE-2022-49887, CVE-2022-49888, CVE-2022-49889, CVE-2022-49890, CVE-2022-49891, CVE-2022-49892, CVE-2022-49900, CVE-2022-49905, CVE-2022-49906, CVE-2022-49908, CVE-2022-49909, CVE-2022-49910, CVE-2022-49915, CVE-2022-49916, CVE-2022-49922, CVE-2022-49923, CVE-2022-49924, CVE-2022-49925, CVE-2022-49927, CVE-2022-49928, CVE-2022-49931, CVE-2022-49934, CVE-2022-49936, CVE-2022-49937, CVE-2022-49938, CVE-2022-49940, CVE-2022-49942, CVE-2022-49945, CVE-2022-49946, CVE-2022-49948, CVE-2022-49950, CVE-2022-49952, CVE-2022-49954, CVE-2022-49956, CVE-2022-49957, CVE-2022-49958, CVE-2022-49960, CVE-2022-49964, CVE-2022-49966, CVE-2022-49968, CVE-2022-49969, CVE-2022-49977, CVE-2022-49978, CVE-2022-49981, CVE-2022-49982, CVE-2022-49983, CVE-2022-49984, CVE-2022-49985, CVE-2022-49986, CVE-2022-49987, CVE-2022-49989, CVE-2022-49990, CVE-2022-49993, CVE-2022-49995, CVE-2022-49999, CVE-2022-50005, CVE-2022-50006, CVE-2022-50008, CVE-2022-50010, CVE-2022-50011, CVE-2022-50012, CVE-2022-50019, CVE-2022-50020, CVE-2022-50021, CVE-2022-50022, CVE-2022-50023, CVE-2022-50024, CVE-2022-50026, CVE-2022-50027, CVE-2022-50028, CVE-2022-50029, CVE-2022-50030, CVE-2022-50031, CVE-2022-50032, CVE-2022-50033, CVE-2022-50034, CVE-2022-50036, CVE-2022-50038, CVE-2022-50039, CVE-2022-50040, CVE-2022-50045, CVE-2022-50046, CVE-2022-50047, CVE-2022-50051, CVE-2022-50053, CVE-2022-50055, CVE-2022-50059, CVE-2022-50060, CVE-2022-50061, CVE-2022-50062, CVE-2022-50065, CVE-2022-50066, CVE-2022-50067, CVE-2022-50068, CVE-2022-50072, CVE-2022-50073, CVE-2022-50074, CVE-2022-50076, CVE-2022-50077, CVE-2022-50079, CVE-2022-50083, CVE-2022-50084, CVE-2022-50085, CVE-2022-50087, CVE-2022-50092, CVE-2022-50093, CVE-2022-50094, CVE-2022-50095, CVE-2022-50097, CVE-2022-50098, CVE-2022-50099, CVE-2022-50100, CVE-2022-50101, CVE-2022-50102, CVE-2022-50103, CVE-2022-50104, CVE-2022-50108, CVE-2022-50109, CVE-2022-50110, CVE-2022-50111, CVE-2022-50112, CVE-2022-50116, CVE-2022-50118, CVE-2022-50120, CVE-2022-50121, CVE-2022-50124, CVE-2022-50125, CVE-2022-50126, CVE-2022-50127, CVE-2022-50129, CVE-2022-50131, CVE-2022-50132, CVE-2022-50134, CVE-2022-50136, CVE-2022-50137, CVE-2022-50138, CVE-2022-50139, CVE-2022-50140, CVE-2022-50141, CVE-2022-50142, CVE-2022-50143, CVE-2022-50145, CVE-2022-50146, CVE-2022-50149, CVE-2022-50151, CVE-2022-50152, CVE-2022-50153, CVE-2022-50154, CVE-2022-50155, CVE-2022-50156, CVE-2022-50157, CVE-2022-50158, CVE-2022-50160, CVE-2022-50161, CVE-2022-50162, CVE-2022-50164, CVE-2022-50165, CVE-2022-50169, CVE-2022-50171, CVE-2022-50172, CVE-2022-50173, CVE-2022-50175, CVE-2022-50176, CVE-2022-50178, CVE-2022-50179, CVE-2022-50181, CVE-2022-50185, CVE-2022-50187, CVE-2022-50190, CVE-2022-50191, CVE-2022-50192, CVE-2022-50194, CVE-2022-50196, CVE-2022-50197, CVE-2022-50198, CVE-2022-50199, CVE-2022-50200, CVE-2022-50201, CVE-2022-50202, CVE-2022-50203, CVE-2022-50204, CVE-2022-50206, CVE-2022-50207, CVE-2022-50208, CVE-2022-50209, CVE-2022-50211, CVE-2022-50212, CVE-2022-50213, CVE-2022-50215, CVE-2022-50218, CVE-2022-50220, CVE-2022-50222, CVE-2022-50226, CVE-2022-50228, CVE-2022-50229, CVE-2022-50231, CVE-2023-52924, CVE-2023-52925, CVE-2023-53035, CVE-2023-53038, CVE-2023-53039, CVE-2023-53040, CVE-2023-53041, CVE-2023-53044, CVE-2023-53045, CVE-2023-53048, CVE-2023-53049, CVE-2023-53051, CVE-2023-53052, CVE-2023-53054, CVE-2023-53056, CVE-2023-53058, CVE-2023-53059, CVE-2023-53060, CVE-2023-53062, CVE-2023-53064, CVE-2023-53065, CVE-2023-53066, CVE-2023-53068, CVE-2023-53075, CVE-2023-53076, CVE-2023-53077, CVE-2023-53078, CVE-2023-53079, CVE-2023-53081, CVE-2023-53084, CVE-2023-53087, CVE-2023-53089, CVE-2023-53090, CVE-2023-53091, CVE-2023-53092, CVE-2023-53093, CVE-2023-53096, CVE-2023-53097, CVE-2023-53098, CVE-2023-53099, CVE-2023-53100, CVE-2023-53101, CVE-2023-53106, CVE-2023-53108, CVE-2023-53111, CVE-2023-53114, CVE-2023-53116, CVE-2023-53118, CVE-2023-53119, CVE-2023-53123, CVE-2023-53124, CVE-2023-53125, CVE-2023-53131, CVE-2023-53134, CVE-2023-53137, CVE-2023-53139, CVE-2023-53140, CVE-2023-53142, CVE-2023-53143, CVE-2023-53145, CVE-2024-26808, CVE-2024-26924, CVE-2024-26935, CVE-2024-27397, CVE-2024-35840, CVE-2024-36978, CVE-2024-46800, CVE-2024-53057, CVE-2024-53125, CVE-2024-53141, CVE-2024-53168, CVE-2024-56558, CVE-2024-56770, CVE-2024-57947, CVE-2024-57999, CVE-2025-21700, CVE-2025-21702, CVE-2025-21703, CVE-2025-21756, CVE-2025-21888, CVE-2025-21999, CVE-2025-22056, CVE-2025-22060, CVE-2025-23138, CVE-2025-23141, CVE-2025-23145, CVE-2025-37752, CVE-2025-37785, CVE-2025-37789, CVE-2025-37797, CVE-2025-37798, CVE-2025-37823, CVE-2025-37890, CVE-2025-37932, CVE-2025-37948, CVE-2025-37953, CVE-2025-37963, CVE-2025-37997, CVE-2025-38000, CVE-2025-38001, CVE-2025-38014, CVE-2025-38083 | |
| libsystemd0 249.17-150400.8.49.2 | CVE-2025-4598 | |
| libudev1 249.17-150400.8.49.2 | CVE-2025-4598 | |
| systemd-coredump 249.17-150400.8.49.2 | CVE-2025-4598 | |
| systemd-lang 249.17-150400.8.49.2 | CVE-2025-4598 | |
| systemd-sysvinit 249.17-150400.8.49.2 | CVE-2025-4598 | |
| pam-config 1.1-150200.3.14.1 | CVE-2025-6018 | |
| libgcrypt20-hmac 1.9.4-150400.6.11.1 | CVE-2024-2236 | |
| libgcrypt20 1.9.4-150400.6.11.1 | CVE-2024-2236 | |
| pam 1.3.0-150000.6.83.1 | CVE-2024-10041, CVE-2025-6018 | |
| xen-libs 4.16.7_02-150400.4.72.1 | CVE-2024-28956, CVE-2024-36350, CVE-2024-36357, CVE-2025-1713, CVE-2025-27465 | |
| python3-urllib3 1.25.10-150300.4.15.1 | CVE-2024-37891 | |
| libvmtools0 13.0.0-150300.61.1 | CVE-2025-22247 | |
| open-vm-tools 13.0.0-150300.61.1 | CVE-2025-22247 | |
| vim-data-common 9.1.1406-150000.5.75.1 | CVE-2024-41965, CVE-2025-29768 | |
| vim-data 9.1.1406-150000.5.75.1 | CVE-2024-41965, CVE-2025-29768 | |
| vim 9.1.1406-150000.5.75.1 | CVE-2024-41965, CVE-2025-29768 | |
| xxd 9.1.1406-150000.5.75.1 | CVE-2024-41965, CVE-2025-29768 | |
| libssh-config 0.9.8-150400.3.9.1 | CVE-2025-4877, CVE-2025-4878, CVE-2025-5318, CVE-2025-5372 | |
| libssh4 0.9.8-150400.3.9.1 | CVE-2025-4877, CVE-2025-4878, CVE-2025-5318, CVE-2025-5372 | |
| libpolkit0 0.116-150200.3.15.1 | CVE-2025-7519 | |
| libsqlite3-0 3.50.2-150000.3.33.1 | CVE-2025-29087, CVE-2025-29088, CVE-2025-3277, CVE-2025-6965 | |
| sqlite3-tcl 3.50.2-150000.3.33.1 | CVE-2025-29087, CVE-2025-29088, CVE-2025-3277, CVE-2025-6965 | |
| docker-rootless-extras 28.2.2_ce-150000.227.1 | CVE-2025-0495, CVE-2025-22872 | |
| docker 28.2.2_ce-150000.227.1 | CVE-2025-0495, CVE-2025-22872 | |
| libxml2-2 2.9.14-150400.5.47.1 | CVE-2025-32414, CVE-2025-32415, CVE-2025-49794, CVE-2025-49796, CVE-2025-6021, CVE-2025-6170, CVE-2025-7425 | |
| libxml2-tools 2.9.14-150400.5.47.1 | CVE-2025-32414, CVE-2025-32415, CVE-2025-49794, CVE-2025-49796, CVE-2025-6021, CVE-2025-6170, CVE-2025-7425 | |
| libicu-suse65_1 65.1-150200.4.15.1 | CVE-2025-5222 | |
| libicu65_1-ledata 65.1-150200.4.15.1 | CVE-2025-5222 | |
| python3-requests 2.25.1-150300.3.18.1 | CVE-2024-47081 | |


| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2025-43888 | Dell PowerProtect Data Manager, Hyper-V, version(s) 19.19 and 19.20, contain(s) an Insertion of Sensitive Information into Log File vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Unauthorized access. | 8.8 | |
| CVE-2025-43884 | Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution. | 8.2 | |
| CVE-2025-43885 | Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution. | 7.8 | |
| CVE-2025-43725 | Dell PowerProtect Data Manager, Generic Application Agent, version(s) 19.19 and 19.20, contain(s) an Incorrect Default Permissions vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution. | 7.8 | |
| CVE-2025-43887 | Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) an Incorrect Default Permissions vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges. | 7.0 | |
| | Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) a Plaintext Storage of a Password vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to gain unauthorized access with privileges of the compromised account. | 5.0 | |
| CVE-2025-43886 | Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) a Path Traversal: '.../...//' vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Filesystem access for attacker. | 4.4 | |

Affected Products & Remediation

| Product | Software/Firmware | Affected Versions | Remediated Versions | Link |
|---|---|---|---|---|
| Dell PowerProtect Data Manager | PowerProtect Data Manager 19.21.0-11 | Versions prior to 19.21 | Version 19.21 build 11 or later | PowerProtect Data Manager (PPDM) Version 19.21 \| Drivers & Downloads |

Revision History

| Revision | Date | Description |
|---|---|---|
| 1.0 | 2025-09-09 | Initial Release |
| 2.0 | 2025-09-09 | Updated for enhanced presentation with no changes to content |