DSA-2025-108: Security Update for Dell EMC XtremIO X2
Summary: Dell EMC XtremIO X2 remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Impact
High
Details
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| CVE-2025-30105 |
Dell XtremIO, version(s) 6.4.0-22, contain(s) an Insertion of Sensitive Information into Log File vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information exposure. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account.
|
8.8 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H |
| CVE-2025-26332 |
TechAdvisor versions 2.6 through 3.37-30 for Dell XtremIO X2, contain(s) an Insertion of Sensitive Information into Log File vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information exposure. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account.
|
8.8 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H |
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| CVE-2025-30105 |
Dell XtremIO, version(s) 6.4.0-22, contain(s) an Insertion of Sensitive Information into Log File vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information exposure. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account.
|
8.8 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H |
| CVE-2025-26332 |
TechAdvisor versions 2.6 through 3.37-30 for Dell XtremIO X2, contain(s) an Insertion of Sensitive Information into Log File vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information exposure. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account.
|
8.8 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H |
Affected Products & Remediation
| Product | Software/Firmware | Affected Versions | Remediated Versions | Link |
| XtremIO X2 | XMS | Versions prior to 6.4.3 | Version 6.4.3 or later | Contact customer support for upgrade. |
| XtremIO X2 | TechAdvisor | Versions 2.6 through 3.37-30 | Version 3.4 | Contact customer support for upgrade. |
| Product | Software/Firmware | Affected Versions | Remediated Versions | Link |
| XtremIO X2 | XMS | Versions prior to 6.4.3 | Version 6.4.3 or later | Contact customer support for upgrade. |
| XtremIO X2 | TechAdvisor | Versions 2.6 through 3.37-30 | Version 3.4 | Contact customer support for upgrade. |
Revision History
| Revision | Date | Description |
| 1.0 | 2025-07-29 | Initial Release |
Related Information
Legal Disclaimer
Affected Products
XtremIO, XtremIO X2Article Properties
Article Number: 000337241
Article Type: Dell Security Advisory
Last Modified: 29 Jul 2025
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.