High
Proprietary Code CVEs |
Description |
CVSS Base Score |
CVSS Vector String |
CVE-2025-22395 |
Dell Update Package Framework, versions prior to 22.01.02, contain(s) a Local Privilege Escalation Vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary remote scripts on the server. Exploitation may lead to a denial of service by an attacker. |
8.2 |
Proprietary Code CVEs |
Description |
CVSS Base Score |
CVSS Vector String |
CVE-2025-22395 |
Dell Update Package Framework, versions prior to 22.01.02, contain(s) a Local Privilege Escalation Vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary remote scripts on the server. Exploitation may lead to a denial of service by an attacker. |
8.2 |
Product |
Affected Versions |
Remediated Versions |
Link |
Dell Update Package (DUP) Framework |
Versions prior to 22.01.02 |
Version 22.01.02 or later |
Product |
Affected Versions |
Remediated Versions |
Link |
Dell Update Package (DUP) Framework |
Versions prior to 22.01.02 |
Version 22.01.02 or later |
CVE ID |
Workaround and Mitigation |
CVE-2025-22395 |
Recommend users not to use Extract option in Microsoft Windows OS if the File Version of update package is less than 22.01.02. If it is less than 22.01.02 we suggest using extract option via command prompt. |
Revision |
Date |
Description |
1.0 |
2025-01-06 |
Initial Release |
2.0 |
2025-01-06 |
Formatting change for the highlighted Note. No changes to content. |
Dell would like to thank Gee-netics for reporting this issue.