DSA-2025-326: Security Update for Dell PowerProtect Data Manager Multiple Security Vulnerabilities

Resumen: Dell PowerProtect Data Manager remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.

Este artículo se aplica a Este artículo no se aplica a Este artículo no está vinculado a ningún producto específico. No se identifican todas las versiones del producto en este artículo.
Consulte estos recursos

Impacto

High

Detalles adicionales

The Affected Products and Remediation table above may not be a comprehensive list of all affected supported versions and may be updated as more information becomes available.

Detalles

Third-party Component

CVEs

More Information

PPDM Core/UI:
nodejs 22.17.1

CVE-2025-27210

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

Reporting:
Apache ActiveMQ 6.1.2

CVE-2025-27533

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

Apache Commons BeanUtils 1.9.4 and 1.10.0

CVE-2025-48734

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

Apache CXF 4.0.5

CVE-2025-23184

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

Apache Tomcat 10.1.24 and 10.1.34

CVE-2025-24813, CVE-2025-31651, CVE-2025-31650, CVE-2024-38286

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

Infinispan 15.0.4.Final

CVE-2025-0736

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

json-smart 2.5.1

CVE-2024-57699

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

Logback 1.5.6

CVE-2024-12798, CVE-2024-12801

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

Netty Project  4.1.110.Final and 4.1.116.Final

CVE-2025-25193

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

Nimbus-JOSE-JWT 9.37.3

CVE-2025-53864

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

OTelcol-contrib v0.89.0

CVE-2024-36129

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

Spring Boot 3.3.0

CVE-2024-38807, CVE-2025-22235

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

Spring Framework 6.2.0

CVE-2024-38820, CVE-2025-22233

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

Spring Security 6.3.0

CVE-2024-38810

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

OS Update:
coreutils-lang 8.32-150400.9.9.1

CVE-2025-5278

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

coreutils 8.32-150400.9.9.1

CVE-2025-5278

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

java-17-openjdk-headless 17.0.16.0-150400.3.57.1

CVE-2025-30749, CVE-2025-30754, CVE-2025-50059, CVE-2025-50106

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

sudo-plugin-python 1.9.9-150400.4.39.1

CVE-2025-32462

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

sudo 1.9.9-150400.4.39.1

CVE-2025-32462

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

libgnutls30-hmac 3.7.3-150400.4.50.1

CVE-2024-12243, CVE-2025-32988, CVE-2025-32989, CVE-2025-32990, CVE-2025-6395

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

libgnutls30 3.7.3-150400.4.50.1

CVE-2024-12243, CVE-2025-32988, CVE-2025-32989, CVE-2025-32990, CVE-2025-6395

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

boost-license1_66_0 1.66.0-150200.12.7.1

CVE-2016-9840

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

libboost_system1_66_0 1.66.0-150200.12.7.1

CVE-2016-9840

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

libboost_thread1_66_0 1.66.0-150200.12.7.1

CVE-2016-9840

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

kernel-default 5.14.21-150400.24.170.2

CVE-2021-47557, CVE-2021-47595, CVE-2022-49110, CVE-2022-49139, CVE-2022-49767, CVE-2022-49769, CVE-2022-49770, CVE-2022-49771, CVE-2022-49772, CVE-2022-49775, CVE-2022-49776, CVE-2022-49777, CVE-2022-49779, CVE-2022-49783, CVE-2022-49787, CVE-2022-49788, CVE-2022-49789, CVE-2022-49790, CVE-2022-49792, CVE-2022-49793, CVE-2022-49794, CVE-2022-49796, CVE-2022-49797, CVE-2022-49799, CVE-2022-49800, CVE-2022-49801, CVE-2022-49802, CVE-2022-49807, CVE-2022-49809, CVE-2022-49810, CVE-2022-49812, CVE-2022-49813, CVE-2022-49818, CVE-2022-49821, CVE-2022-49822, CVE-2022-49823, CVE-2022-49824, CVE-2022-49825, CVE-2022-49826, CVE-2022-49827, CVE-2022-49830, CVE-2022-49832, CVE-2022-49834, CVE-2022-49835, CVE-2022-49836, CVE-2022-49839, CVE-2022-49841, CVE-2022-49842, CVE-2022-49845, CVE-2022-49846, CVE-2022-49850, CVE-2022-49853, CVE-2022-49858, CVE-2022-49860, CVE-2022-49861, CVE-2022-49863, CVE-2022-49864, CVE-2022-49865, CVE-2022-49868, CVE-2022-49869, CVE-2022-49870, CVE-2022-49871, CVE-2022-49874, CVE-2022-49879, CVE-2022-49880, CVE-2022-49881, CVE-2022-49885, CVE-2022-49887, CVE-2022-49888, CVE-2022-49889, CVE-2022-49890, CVE-2022-49891, CVE-2022-49892, CVE-2022-49900, CVE-2022-49905, CVE-2022-49906, CVE-2022-49908, CVE-2022-49909, CVE-2022-49910, CVE-2022-49915, CVE-2022-49916, CVE-2022-49922, CVE-2022-49923, CVE-2022-49924, CVE-2022-49925, CVE-2022-49927, CVE-2022-49928, CVE-2022-49931, CVE-2022-49934, CVE-2022-49936, CVE-2022-49937, CVE-2022-49938, CVE-2022-49940, CVE-2022-49942, CVE-2022-49945, CVE-2022-49946, CVE-2022-49948, CVE-2022-49950, CVE-2022-49952, CVE-2022-49954, CVE-2022-49956, CVE-2022-49957, CVE-2022-49958, CVE-2022-49960, CVE-2022-49964, CVE-2022-49966, CVE-2022-49968, CVE-2022-49969, CVE-2022-49977, CVE-2022-49978, CVE-2022-49981, CVE-2022-49982, CVE-2022-49983, CVE-2022-49984, CVE-2022-49985, CVE-2022-49986, CVE-2022-49987, CVE-2022-49989, CVE-2022-49990, CVE-2022-49993, CVE-2022-49995, CVE-2022-49999, CVE-2022-50005, CVE-2022-50006, CVE-2022-50008, CVE-2022-50010, CVE-2022-50011, CVE-2022-50012, CVE-2022-50019, CVE-2022-50020, CVE-2022-50021, CVE-2022-50022, CVE-2022-50023, CVE-2022-50024, CVE-2022-50026, CVE-2022-50027, CVE-2022-50028, CVE-2022-50029, CVE-2022-50030, CVE-2022-50031, CVE-2022-50032, CVE-2022-50033, CVE-2022-50034, CVE-2022-50036, CVE-2022-50038, CVE-2022-50039, CVE-2022-50040, CVE-2022-50045, CVE-2022-50046, CVE-2022-50047, CVE-2022-50051, CVE-2022-50053, CVE-2022-50055, CVE-2022-50059, CVE-2022-50060, CVE-2022-50061, CVE-2022-50062, CVE-2022-50065, CVE-2022-50066, CVE-2022-50067, CVE-2022-50068, CVE-2022-50072, CVE-2022-50073, CVE-2022-50074, CVE-2022-50076, CVE-2022-50077, CVE-2022-50079, CVE-2022-50083, CVE-2022-50084, CVE-2022-50085, CVE-2022-50087, CVE-2022-50092, CVE-2022-50093, CVE-2022-50094, CVE-2022-50095, CVE-2022-50097, CVE-2022-50098, CVE-2022-50099, CVE-2022-50100, CVE-2022-50101, CVE-2022-50102, CVE-2022-50103, CVE-2022-50104, CVE-2022-50108, CVE-2022-50109, CVE-2022-50110, CVE-2022-50111, CVE-2022-50112, CVE-2022-50116, CVE-2022-50118, CVE-2022-50120, CVE-2022-50121, CVE-2022-50124, CVE-2022-50125, CVE-2022-50126, CVE-2022-50127, CVE-2022-50129, CVE-2022-50131, CVE-2022-50132, CVE-2022-50134, CVE-2022-50136, CVE-2022-50137, CVE-2022-50138, CVE-2022-50139, CVE-2022-50140, CVE-2022-50141, CVE-2022-50142, CVE-2022-50143, CVE-2022-50145, CVE-2022-50146, CVE-2022-50149, CVE-2022-50151, CVE-2022-50152, CVE-2022-50153, CVE-2022-50154, CVE-2022-50155, CVE-2022-50156, CVE-2022-50157, CVE-2022-50158, CVE-2022-50160, CVE-2022-50161, CVE-2022-50162, CVE-2022-50164, CVE-2022-50165, CVE-2022-50169, CVE-2022-50171, CVE-2022-50172, CVE-2022-50173, CVE-2022-50175, CVE-2022-50176, CVE-2022-50178, CVE-2022-50179, CVE-2022-50181, CVE-2022-50185, CVE-2022-50187, CVE-2022-50190, CVE-2022-50191, CVE-2022-50192, CVE-2022-50194, CVE-2022-50196, CVE-2022-50197, CVE-2022-50198, CVE-2022-50199, CVE-2022-50200, CVE-2022-50201, CVE-2022-50202, CVE-2022-50203, CVE-2022-50204, CVE-2022-50206, CVE-2022-50207, CVE-2022-50208, CVE-2022-50209, CVE-2022-50211, CVE-2022-50212, CVE-2022-50213, CVE-2022-50215, CVE-2022-50218, CVE-2022-50220, CVE-2022-50222, CVE-2022-50226, CVE-2022-50228, CVE-2022-50229, CVE-2022-50231, CVE-2023-52924, CVE-2023-52925, CVE-2023-53035, CVE-2023-53038, CVE-2023-53039, CVE-2023-53040, CVE-2023-53041, CVE-2023-53044, CVE-2023-53045, CVE-2023-53048, CVE-2023-53049, CVE-2023-53051, CVE-2023-53052, CVE-2023-53054, CVE-2023-53056, CVE-2023-53058, CVE-2023-53059, CVE-2023-53060, CVE-2023-53062, CVE-2023-53064, CVE-2023-53065, CVE-2023-53066, CVE-2023-53068, CVE-2023-53075, CVE-2023-53076, CVE-2023-53077, CVE-2023-53078, CVE-2023-53079, CVE-2023-53081, CVE-2023-53084, CVE-2023-53087, CVE-2023-53089, CVE-2023-53090, CVE-2023-53091, CVE-2023-53092, CVE-2023-53093, CVE-2023-53096, CVE-2023-53097, CVE-2023-53098, CVE-2023-53099, CVE-2023-53100, CVE-2023-53101, CVE-2023-53106, CVE-2023-53108, CVE-2023-53111, CVE-2023-53114, CVE-2023-53116, CVE-2023-53118, CVE-2023-53119, CVE-2023-53123, CVE-2023-53124, CVE-2023-53125, CVE-2023-53131, CVE-2023-53134, CVE-2023-53137, CVE-2023-53139, CVE-2023-53140, CVE-2023-53142, CVE-2023-53143, CVE-2023-53145, CVE-2024-26808, CVE-2024-26924, CVE-2024-26935, CVE-2024-27397, CVE-2024-35840, CVE-2024-36978, CVE-2024-46800, CVE-2024-53057, CVE-2024-53125, CVE-2024-53141, CVE-2024-53168, CVE-2024-56558, CVE-2024-56770, CVE-2024-57947, CVE-2024-57999, CVE-2025-21700, CVE-2025-21702, CVE-2025-21703, CVE-2025-21756, CVE-2025-21888, CVE-2025-21999, CVE-2025-22056, CVE-2025-22060, CVE-2025-23138, CVE-2025-23141, CVE-2025-23145, CVE-2025-37752, CVE-2025-37785, CVE-2025-37789, CVE-2025-37797, CVE-2025-37798, CVE-2025-37823, CVE-2025-37890, CVE-2025-37932, CVE-2025-37948, CVE-2025-37953, CVE-2025-37963, CVE-2025-37997, CVE-2025-38000, CVE-2025-38001, CVE-2025-38014, CVE-2025-38083

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

libsystemd0 249.17-150400.8.49.2

CVE-2025-4598

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

libudev1 249.17-150400.8.49.2

CVE-2025-4598

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

systemd-coredump 249.17-150400.8.49.2

CVE-2025-4598

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

systemd-lang 249.17-150400.8.49.2

CVE-2025-4598

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

systemd-sysvinit 249.17-150400.8.49.2

CVE-2025-4598

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

pam-config 1.1-150200.3.14.1

CVE-2025-6018

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

libgcrypt20-hmac 1.9.4-150400.6.11.1

CVE-2024-2236

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

libgcrypt20 1.9.4-150400.6.11.1

CVE-2024-2236

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

pam 1.3.0-150000.6.83.1

CVE-2024-10041, CVE-2025-6018

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

xen-libs 4.16.7_02-150400.4.72.1

CVE-2024-28956, CVE-2024-36350, CVE-2024-36357, CVE-2025-1713, CVE-2025-27465

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

python3-urllib3 1.25.10-150300.4.15.1

CVE-2024-37891

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

libvmtools0 13.0.0-150300.61.1

CVE-2025-22247

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

open-vm-tools 13.0.0-150300.61.1

CVE-2025-22247

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

vim-data-common 9.1.1406-150000.5.75.1

CVE-2024-41965, CVE-2025-29768

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

vim-data 9.1.1406-150000.5.75.1

CVE-2024-41965, CVE-2025-29768

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

vim 9.1.1406-150000.5.75.1

CVE-2024-41965, CVE-2025-29768

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

xxd 9.1.1406-150000.5.75.1

CVE-2024-41965, CVE-2025-29768

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

libssh-config 0.9.8-150400.3.9.1

CVE-2025-4877, CVE-2025-4878, CVE-2025-5318, CVE-2025-5372

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

libssh4 0.9.8-150400.3.9.1

CVE-2025-4877, CVE-2025-4878, CVE-2025-5318, CVE-2025-5372

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

libpolkit0 0.116-150200.3.15.1

CVE-2025-7519

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

libsqlite3-0 3.50.2-150000.3.33.1

CVE-2025-29087, CVE-2025-29088, CVE-2025-3277, CVE-2025-6965

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

sqlite3-tcl 3.50.2-150000.3.33.1

CVE-2025-29087, CVE-2025-29088, CVE-2025-3277, CVE-2025-6965

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

docker-rootless-extras 28.2.2_ce-150000.227.1

CVE-2025-0495, CVE-2025-22872

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

docker 28.2.2_ce-150000.227.1

CVE-2025-0495, CVE-2025-22872

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

libxml2-2 2.9.14-150400.5.47.1

CVE-2025-32414, CVE-2025-32415, CVE-2025-49794, CVE-2025-49796, CVE-2025-6021, CVE-2025-6170, CVE-2025-7425

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

libxml2-tools 2.9.14-150400.5.47.1

CVE-2025-32414, CVE-2025-32415, CVE-2025-49794, CVE-2025-49796, CVE-2025-6021, CVE-2025-6170, CVE-2025-7425

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

libicu-suse65_1 65.1-150200.4.15.1

CVE-2025-5222

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

libicu65_1-ledata 65.1-150200.4.15.1

CVE-2025-5222

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

python3-requests 2.25.1-150300.3.18.1

CVE-2024-47081

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

Proprietary Code CVEs

Description

CVSS Base Score

CVSS Vector String

CVE-2025-43888

Dell PowerProtect Data Manager, Hyper-V, version(s) 19.19 and 19.20, contain(s) an Insertion of Sensitive Information into Log File vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Unauthorized access.

8.8

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:HThis hyperlink is taking you to a website outside of Dell Technologies.

CVE-2025-43884

Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution.

8.2

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:HThis hyperlink is taking you to a website outside of Dell Technologies.

CVE-2025-43885

Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution.

7.8

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HThis hyperlink is taking you to a website outside of Dell Technologies.

CVE-2025-43725

Dell PowerProtect Data Manager, Generic Application Agent, version(s) 19.19 and 19.20, contain(s) an Incorrect Default Permissions vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution.

7.8

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HThis hyperlink is taking you to a website outside of Dell Technologies.

CVE-2025-43887

Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) an Incorrect Default Permissions vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.

7.0

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HThis hyperlink is taking you to a website outside of Dell Technologies.


CVE-2025-43938

Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) a Plaintext Storage of a Password vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to gain unauthorized access with privileges of the compromised account. 

5.0

CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N This hyperlink is taking you to a website outside of Dell Technologies.

CVE-2025-43886

Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) a Path Traversal: '.../...//' vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Filesystem access for attacker.

4.4

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:HThis hyperlink is taking you to a website outside of Dell Technologies.

Proprietary Code CVEs

Description

CVSS Base Score

CVSS Vector String

CVE-2025-43888

Dell PowerProtect Data Manager, Hyper-V, version(s) 19.19 and 19.20, contain(s) an Insertion of Sensitive Information into Log File vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Unauthorized access.

8.8

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:HThis hyperlink is taking you to a website outside of Dell Technologies.

CVE-2025-43884

Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution.

8.2

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:HThis hyperlink is taking you to a website outside of Dell Technologies.

CVE-2025-43885

Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution.

7.8

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HThis hyperlink is taking you to a website outside of Dell Technologies.

CVE-2025-43725

Dell PowerProtect Data Manager, Generic Application Agent, version(s) 19.19 and 19.20, contain(s) an Incorrect Default Permissions vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution.

7.8

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HThis hyperlink is taking you to a website outside of Dell Technologies.

CVE-2025-43887

Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) an Incorrect Default Permissions vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.

7.0

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HThis hyperlink is taking you to a website outside of Dell Technologies.


CVE-2025-43938

Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) a Plaintext Storage of a Password vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to gain unauthorized access with privileges of the compromised account. 

5.0

CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N This hyperlink is taking you to a website outside of Dell Technologies.

CVE-2025-43886

Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) a Path Traversal: '.../...//' vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Filesystem access for attacker.

4.4

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:HThis hyperlink is taking you to a website outside of Dell Technologies.
Dell Technologies recomienda que todos los clientes tengan en cuenta tanto la puntuación base como cualquier otra puntuación ambiental y temporal relevante que pueda afectar la posible gravedad asociada con la vulnerabilidad de seguridad en particular.

Corrección y productos afectados

Product

Software/Firmware

Affected Versions

Remediated Versions

Link

Dell PowerProtect Data Manager

PowerProtect Data Manager 19.21.0-11

Versions prior to 19.21

Version 19.21 build 11 or later

PowerProtect Data Manager (PPDM) Version 19.21 | Drivers & Downloads

Product

Software/Firmware

Affected Versions

Remediated Versions

Link

Dell PowerProtect Data Manager

PowerProtect Data Manager 19.21.0-11

Versions prior to 19.21

Version 19.21 build 11 or later

PowerProtect Data Manager (PPDM) Version 19.21 | Drivers & Downloads

Historial de revisiones

Revision

Date

Description

1.0

2025-09-09

Initial Release

2.0

2025-09-09

Updated for enhanced presentation with no changes to content

Información relacionada

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

Descargo de responsabilidad

Productos afectados

PowerProtect Data Manager Appliance, PowerProtect Data Manager, PowerProtect Data Manager Essentials, PowerProtect DM5500
Propiedades del artículo
Número del artículo: 000367456
Tipo de artículo: Dell Security Advisory
Última modificación: 10 sept 2025
Encuentre respuestas a sus preguntas de otros usuarios de Dell
Servicios de soporte
Compruebe si el dispositivo está cubierto por los servicios de soporte.