DSA-2025-304: Security Update for Dell PowerProtect Data Manager Multiple Security Vulnerabilities
Resumen: Dell PowerProtect Data Manager remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.
Impacto
High
Detalles
|
Third-party Component |
CVEs |
More Information |
|---|---|---|
|
Apache Tomcat 9.0.98, 10.1.34 |
CVE-2025-24813, CVE-2025-31651 |
|
|
netty-handler 4.1.115 |
CVE-2025-25193 |
|
|
babel/helpers 7.26.9 |
CVE-2025-27789 |
|
|
nestjs/common 11.1.2 |
CVE-2024-29409 |
|
|
Node.js 22.15.1 |
CVE-2025-23083, CVE-2025-23084, CVE-2025-23085, CVE-2025-23166, CVE-2025-23165, CVE-2025-23167 |
|
|
Curl 8.4.0 |
CVE-2024-9681, CVE-2024-7264, CVE-2023-46218, CVE-2023-46219 |
|
|
libxml2 2.12.5 |
CVE-2025-32414, CVE-2025-32415, CVE-2025-27113 |
|
|
golang.org/x/crypto/ssh |
CVE-2025-2588, CVE-2025-30204, CVE-2025-22869 |
|
|
Infinispan Common Parent 15.0.4.Final |
CVE-2025-0736 |
|
|
Oracle Java SE |
CVE-2025-30691, CVE-2025-21587 |
|
|
kernel-default=5.14.21-150400.24.164.1 |
CVE-2021-47671, CVE-2022-49741, CVE-2024-46784, CVE-2025-21726, CVE-2025-21785, CVE-2025-21791, CVE-2025-21812, CVE-2025-21886, CVE-2025-22004, CVE-2025-22020, CVE-2025-22029, CVE-2025-22045, CVE-2025-22055, CVE-2025-22097 |
|
|
sysstat=12.0.2-150000.3.40.1 |
CVE-2022-39377, CVE-2023-33204 |
|
|
openssh-common=8.4p1-150300.3.49.1, 8.4p1-150300.3.49.1, 8.4p1-150300.3.49.1, 8.4p1-150300.3.49.1, 8.4p1-150300.3.49.1 |
CVE-2025-32728 |
|
|
libpq5=17.5-150200.5.13.1, postgresql14-server=14.18-150200.5.58.1, postgresql14=14.18-150200.5.58.1 |
CVE-2025-4207 |
|
|
python3-setuptools=44.1.1-150400.9.12.1 |
CVE-2025-47273 |
|
|
glibc-lang=2.31-150300.95.1, 2.31-150300.95.1, 2.31-150300.95.1, 2.31-150300.95.1, 2.31-150300.95.1 |
CVE-2025-4802 |
|
|
ucode-intel=20250512-150200.56.1 |
CVE-2024-28956, CVE-2024-43420, CVE-2024-45332, CVE-2025-20012, CVE-2025-20054, CVE-2025-20103, CVE-2025-20623, CVE-2025-24495 |
|
Proprietary Code CVEs |
Description |
CVSS Base Score |
CVSS Vector String |
|---|---|---|---|
|
CVE-2025-30480 |
Dell PowerProtect Data Manager, versions prior to 19.19, contain(s) an Improper Input Validation vulnerability in PowerProtect Data Manager. A low privileged attacker with remote access could potentially exploit this vulnerability to read arbitrary files. |
6.5 |
|
Proprietary Code CVEs |
Description |
CVSS Base Score |
CVSS Vector String |
|---|---|---|---|
|
CVE-2025-30480 |
Dell PowerProtect Data Manager, versions prior to 19.19, contain(s) an Improper Input Validation vulnerability in PowerProtect Data Manager. A low privileged attacker with remote access could potentially exploit this vulnerability to read arbitrary files. |
6.5 |
Corrección y productos afectados
|
Product |
Affected Versions |
Remediated Versions |
Link |
|---|---|---|---|
|
Dell PowerProtect Data Manager |
Versions prior to 19.20 |
Version 19.20 build 15 or later |
|
Product |
Affected Versions |
Remediated Versions |
Link |
|---|---|---|---|
|
Dell PowerProtect Data Manager |
Versions prior to 19.20 |
Version 19.20 build 15 or later |
The Affected Products and Remediation table above may not be a comprehensive list of all affected supported versions and may be updated as more information becomes available.
Historial de revisiones
|
Revision |
Date |
Description |
|---|---|---|
|
1.0 |
2025-07-29 |
Initial Release |
|
2.0 |
2025-07-29 |
Updated for enhanced presentation with no changes to content |
Reconocimientos
CVE-2025-30480: Dell would like to thank zzcentury from Ubisectech Sirius Team for reporting this issue.