DSA-2025-304: Security Update for Dell PowerProtect Data Manager Multiple Security Vulnerabilities

Résumé: Dell PowerProtect Data Manager remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.

Cet article concerne Cet article ne concerne pas Cet article n’est associé à aucun produit spécifique. Toutes les versions du produit ne sont pas identifiées dans cet article.
Consulter d’autres ressources

Impact

High

Détails

Third-party Component

CVEs

More Information

Apache Tomcat 9.0.98, 10.1.34

CVE-2025-24813, CVE-2025-31651

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

netty-handler 4.1.115

CVE-2025-25193

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

babel/helpers 7.26.9

CVE-2025-27789

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

nestjs/common 11.1.2

CVE-2024-29409

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

Node.js 22.15.1

CVE-2025-23083, CVE-2025-23084, CVE-2025-23085, CVE-2025-23166, CVE-2025-23165, CVE-2025-23167

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

Curl 8.4.0

CVE-2024-9681, CVE-2024-7264, CVE-2023-46218, CVE-2023-46219

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

libxml2 2.12.5

CVE-2025-32414, CVE-2025-32415, CVE-2025-27113

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

golang.org/x/crypto/ssh

CVE-2025-2588, CVE-2025-30204, CVE-2025-22869

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

Infinispan Common Parent 15.0.4.Final

CVE-2025-0736

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

Oracle Java SE 

CVE-2025-30691, CVE-2025-21587

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

kernel-default=5.14.21-150400.24.164.1

CVE-2021-47671, CVE-2022-49741, CVE-2024-46784, CVE-2025-21726, CVE-2025-21785, CVE-2025-21791, CVE-2025-21812, CVE-2025-21886, CVE-2025-22004, CVE-2025-22020, CVE-2025-22029, CVE-2025-22045, CVE-2025-22055, CVE-2025-22097

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

sysstat=12.0.2-150000.3.40.1

CVE-2022-39377, CVE-2023-33204

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

openssh-common=8.4p1-150300.3.49.1, 8.4p1-150300.3.49.1, 8.4p1-150300.3.49.1, 8.4p1-150300.3.49.1, 8.4p1-150300.3.49.1

CVE-2025-32728

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

libpq5=17.5-150200.5.13.1, postgresql14-server=14.18-150200.5.58.1, postgresql14=14.18-150200.5.58.1

CVE-2025-4207

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

python3-setuptools=44.1.1-150400.9.12.1

CVE-2025-47273

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

glibc-lang=2.31-150300.95.1, 2.31-150300.95.1, 2.31-150300.95.1, 2.31-150300.95.1, 2.31-150300.95.1

CVE-2025-4802

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

ucode-intel=20250512-150200.56.1

CVE-2024-28956, CVE-2024-43420, CVE-2024-45332, CVE-2025-20012, CVE-2025-20054, CVE-2025-20103, CVE-2025-20623, CVE-2025-24495

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

Proprietary Code CVEs

Description

CVSS Base Score

CVSS Vector String

CVE-2025-30480

Dell PowerProtect Data Manager, versions prior to 19.19, contain(s) an Improper Input Validation vulnerability in PowerProtect Data Manager. A low privileged attacker with remote access could potentially exploit this vulnerability to read arbitrary files.

6.5

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NThis hyperlink is taking you to a website outside of Dell Technologies.

Proprietary Code CVEs

Description

CVSS Base Score

CVSS Vector String

CVE-2025-30480

Dell PowerProtect Data Manager, versions prior to 19.19, contain(s) an Improper Input Validation vulnerability in PowerProtect Data Manager. A low privileged attacker with remote access could potentially exploit this vulnerability to read arbitrary files.

6.5

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NThis hyperlink is taking you to a website outside of Dell Technologies.
Dell Technologies recommande à tous les clients de prendre en compte à la fois le score de base CVSS et les scores temporels et environnementaux pertinents qui peuvent avoir un impact sur la gravité potentielle associée à une faille de sécurité donnée.

Produits concernés et mesure corrective

Product

Affected Versions

Remediated Versions

Link

Dell PowerProtect Data Manager

Versions prior to 19.20

Version 19.20 build 15 or later

PPDM 19.20 drivers and downloads

Product

Affected Versions

Remediated Versions

Link

Dell PowerProtect Data Manager

Versions prior to 19.20

Version 19.20 build 15 or later

PPDM 19.20 drivers and downloads

The Affected Products and Remediation table above may not be a comprehensive list of all affected supported versions and may be updated as more information becomes available.

Historique des révisions

Revision

Date

Description

1.0

2025-07-29

Initial Release

2.0

2025-07-29

Updated for enhanced presentation with no changes to content

Remerciements

CVE-2025-30480: Dell would like to thank zzcentury from Ubisectech Sirius Team for reporting this issue.

Informations connexes

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

Mention légale

Produits concernés

PowerProtect Data Manager Appliance, Data Protection Suite Series, PowerProtect Data Manager, PowerProtect Data Manager Essentials, PowerProtect Data Manager Software

Produits

PowerProtect DM5500
Propriétés de l’article
Numéro d’article: 000349609
Type d’article: Dell Security Advisory
Dernière modification: 29 juil. 2025
Trouvez des réponses à vos questions auprès d’autres utilisateurs Dell
Services de support
Vérifiez si votre appareil est couvert par les services de support.