DSA-2025-062: Security Update for Dell PowerProtect Data Manager Multiple Security Vulnerabilities

Summary: Dell PowerProtect Data Manager remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.
Check out other resources

Impact

Critical

Details

Third Party Component

CVEs

More Information

Jetty: Java based HTTP/1.x, HTTP/2, Servlet, WebSocket Server9.4.53.20231009

CVE-2024-8184, CVE-2024-6763

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

Quartz Enterprise Job Scheduler2.3.2

CVE-2023-39017

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

rollup4.20.0

CVE-2024-47068

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

Request - Simple HTTP Client2.88.2

CVE-2023-28155

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

http-proxy-middleware2.0.6

CVE-2024-21536

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

Python Programming Language 3.11.9

CVE-2023-41105, CVE-2023-36632, CVE-2007-4559, CVE-2023-40217, CVE-2023-24329, CVE-2023-52425, CVE-2023-52426, CVE-2023-50782, CVE-2023-49083, CVE-2024-0727, CVE-2021-3711, CVE-2022-2068,CVE-2022-1292, CVE-2023-4807, CVE-2023-0215, CVE-2022-4450, CVE-2022-0778, CVE-2021-23840,CVE-2023-0464, CVE-2021-3450, CVE-2023-0286, CVE-2021-3712, CVE-2023-2650, CVE-2021-3449, CVE-2022-4304, CVE-2021-23841, CVE-2023-0466, CVE-2023-5678, CVE-2022-2097, CVE-2023-0465, CVE-2023-3817, CVE-2023-23931

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

zlib 1.3.1

CVE-2023-45853

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

java-17-openjdk 17.0.14

CVE-2024-21235, CVE-2024-21208, CVE-2024-21210, CVE-2024-21217, CVE-2025-21502

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

libcurl4, curl

CVE-2025-0725, CVE-2025-0167

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

golang.org/x/crypto/ssh

CVE-2024-45337

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

golang.org/x/net/html

CVE-2024-45338

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

logback-1.4.7

CVE-2023-6378

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

Spring framework 6.1.8

CVE-2024-38820

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

libxml2-2=2.9.14-150400.5.38.1

libxml2-tools=2.9.14-150400.5.38.1

CVE-2024-56171, CVE-2025-24928, CVE-2025-27113

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

ucode-intel=20250211-150200.53.1

CVE-2024-31068, CVE-2024-36293, CVE-2024-37020, CVE-2024-39355

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

kernel-default=5.14.21-150400.24.150.1

CVE-2024-50199, CVE-2024-53104, CVE-2024-53166, CVE-2024-53177, CVE-2024-56600, CVE-2024-56601, CVE-2024-56602, CVE-2024-56623, CVE-2024-56631, CVE-2024-56642, CVE-2024-56645, CVE-2024-56648, CVE-2024-56650, CVE-2024-56658, CVE-2024-56661, CVE-2024-56664, CVE-2024-56704, CVE-2024-56759, CVE-2024-57791, CVE-2024-57792, CVE-2024-57798, CVE-2024-57849, CVE-2024-57893, CVE-2024-57897

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

openssh-clients=8.4p1-150300.3.42.1

libxml2-tools=2.9.14-150400.5.38.1

openssh-fips=8.4p1-150300.3.42.1

openssh-server=8.4p1-150300.3.42.1

openssh=8.4p1-150300.3.42.1

CVE-2025-26465

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

emacs-info=27.2-150400.3.23.2

emacs-nox=27.2-150400.3.23.2

emacs=27.2-150400.3.23.2

etags=27.2-150400.3.23.2

CVE-2025-1244

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

libopenssl1_1-hmac=1.1.1l-150400.7.78.1

libopenssl1_1=1.1.1l-150400.7.78.1

openssl-1_1=1.1.1l-150400.7.78.1

CVE-2024-13176

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

libruby2_5-2_5=2.5.9-150000.4.36.1

ruby2.5-stdlib=2.5.9-150000.4.36.1

ruby2.5=2.5.9-150000.4.36.1

CVE-2024-47220, CVE-2024-49761

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

libpq5=17.4-150200.5.10.1

postgresql14-server=14.17-150200.5.55.1

postgresql14=14.17-150200.5.55.1

CVE-2025-1094

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

glibc-extra=2.31-150300.92.1

glibc-lang=2.31-150300.92.1

glibc-locale-base=2.31-150300.92.1

glibc-locale=2.31-150300.92.1

glibc=2.31-150300.92.1

CVE-2025-0395

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

bind-utils=9.16.50-150400.5.46.1

python3-bind=9.16.50-150400.5.46.1

CVE-2024-11187

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

libtasn1-6=4.13-150000.4.11.1

libtasn1=4.13-150000.4.11.1

CVE-2024-12133

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

curl=8.0.1-150400.5.62.1

libcurl4=8.0.1-150400.5.62.1

CVE-2024-11053, CVE-2025-0167, CVE-2025-0725

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

grub2-i386-pc=2.06-150400.11.55.2

grub2-snapper-plugin=2.06-150400.11.55.2

grub2-systemd-sleep-plugin=2.06-150400.11.55.2

grub2-x86_64-efi=2.06-150400.11.55.2

grub2=2.06-150400.11.55.2

CVE-2024-45774, CVE-2024-45775, CVE-2024-45776, CVE-2024-45777, CVE-2024-45778, CVE-2024-45779, CVE-2024-45780, CVE-2024-45781, CVE-2024-45782, CVE-2024-45783, CVE-2024-56737, CVE-2025-0622, CVE-2025-0624, CVE-2025-0677, CVE-2025-0678, CVE-2025-0684, CVE-2025-0685, CVE-2025-0686, CVE-2025-0689, CVE-2025-0690, CVE-2025-1118, CVE-2025-1125

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

 

Proprietary Code CVEs

Description

CVSS Base Score

CVSS Vector String

CVE-2025-23375

Dell PowerProtect Data Manager Reporting, version(s) 19.17, contain(s) an Incorrect Use of Privileged APIs vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.

7.8

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HThis hyperlink is taking you to a website outside of Dell Technologies.

CVE-2025-23376

Dell PowerProtect Data Manager Reporting, version(s) 19.16, 19.17, 19.18, contain(s) an Improper Neutralization of Special Elements Used in a Template Engine vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to information disclosure.

2.3

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:NThis hyperlink is taking you to a website outside of Dell Technologies.

CVE-2025-23377

Dell PowerProtect Data Manager Reporting, version(s) 19.17, 19.18 contain(s) an Improper Encoding or Escaping of Output vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability to inject arbitrary web script or html in reporting outputs.

4.2

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:NThis hyperlink is taking you to a website outside of Dell Technologies.

CVE-2025-27691

Dell PowerProtect Agent Service, version(s) 19.16, 19.17, and 19.18, contain(s) a Plaintext Storage of a Password vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to information disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the Postgres, Oracle, and cache environments with privileges of the compromised account. 

7.5

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H This hyperlink is taking you to a website outside of Dell Technologies.

Proprietary Code CVEs

Description

CVSS Base Score

CVSS Vector String

CVE-2025-23375

Dell PowerProtect Data Manager Reporting, version(s) 19.17, contain(s) an Incorrect Use of Privileged APIs vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.

7.8

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HThis hyperlink is taking you to a website outside of Dell Technologies.

CVE-2025-23376

Dell PowerProtect Data Manager Reporting, version(s) 19.16, 19.17, 19.18, contain(s) an Improper Neutralization of Special Elements Used in a Template Engine vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to information disclosure.

2.3

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:NThis hyperlink is taking you to a website outside of Dell Technologies.

CVE-2025-23377

Dell PowerProtect Data Manager Reporting, version(s) 19.17, 19.18 contain(s) an Improper Encoding or Escaping of Output vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability to inject arbitrary web script or html in reporting outputs.

4.2

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:NThis hyperlink is taking you to a website outside of Dell Technologies.

CVE-2025-27691

Dell PowerProtect Agent Service, version(s) 19.16, 19.17, and 19.18, contain(s) a Plaintext Storage of a Password vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to information disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the Postgres, Oracle, and cache environments with privileges of the compromised account. 

7.5

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H This hyperlink is taking you to a website outside of Dell Technologies.
Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products & Remediation

Product

Software/Firmware

Affected Versions

Remediated Versions

Link

PowerProtect Data Manager

PowerProtect Data Manager Software 19.19.0-15

Versions 19.15.0 through 19.18.0-23

Version 19.19.0-15 or later

PowerProtect Data Manager 19.19.0-15 | Drivers & Downloads

Product

Software/Firmware

Affected Versions

Remediated Versions

Link

PowerProtect Data Manager

PowerProtect Data Manager Software 19.19.0-15

Versions 19.15.0 through 19.18.0-23

Version 19.19.0-15 or later

PowerProtect Data Manager 19.19.0-15 | Drivers & Downloads

Revision History

Revision

Date

Description

1.0

2025-04-24

Initial Release

2.0

2025-04-24

Updated for enhanced presentation with no changes to content

3.0

2025-04-25

Updated for enhanced presentation with no changes to content

4.0

2025-05-07

Updated CVE Identifier and Third Party Components section to remove Node.js 22.13.0 references

5.0

2025-05-28

Updated the Proprietary Code section: Added CVE-2025-27691 details. 

Related Information

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

Legal Disclaimer

Affected Products

PowerProtect Data Manager
Article Properties
Article Number: 000311083
Article Type: Dell Security Advisory
Last Modified: 28 May 2025
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.