DSA-2025-326: Security Update for Dell PowerProtect Data Manager Multiple Security Vulnerabilities
Riepilogo: Dell PowerProtect Data Manager remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.
Questo articolo si applica a
Questo articolo non si applica a
Questo articolo non è legato a un prodotto specifico.
Non tutte le versioni del prodotto sono identificate in questo articolo.
Impatto
High
Ulteriori dettagli
The Affected Products and Remediation table above may not be a comprehensive list of all affected supported versions and may be updated as more information becomes available.
Dettagli
|
Third-party Component |
CVEs |
More Information |
|---|---|---|
|
PPDM Core/UI: |
CVE-2025-27210 |
|
|
Reporting: |
CVE-2025-27533 |
|
|
Apache Commons BeanUtils 1.9.4 and 1.10.0 |
CVE-2025-48734 |
|
|
Apache CXF 4.0.5 |
CVE-2025-23184 |
|
|
Apache Tomcat 10.1.24 and 10.1.34 |
CVE-2025-24813, CVE-2025-31651, CVE-2025-31650, CVE-2024-38286 |
|
|
Infinispan 15.0.4.Final |
CVE-2025-0736 |
|
|
json-smart 2.5.1 |
CVE-2024-57699 |
|
|
Logback 1.5.6 |
CVE-2024-12798, CVE-2024-12801 |
|
|
Netty Project 4.1.110.Final and 4.1.116.Final |
CVE-2025-25193 |
|
|
Nimbus-JOSE-JWT 9.37.3 |
CVE-2025-53864 |
|
|
OTelcol-contrib v0.89.0 |
CVE-2024-36129 |
|
|
Spring Boot 3.3.0 |
CVE-2024-38807, CVE-2025-22235 |
|
|
Spring Framework 6.2.0 |
CVE-2024-38820, CVE-2025-22233 |
|
|
Spring Security 6.3.0 |
CVE-2024-38810 |
|
|
OS Update: |
CVE-2025-5278 |
|
|
coreutils 8.32-150400.9.9.1 |
CVE-2025-5278 |
|
|
java-17-openjdk-headless 17.0.16.0-150400.3.57.1 |
CVE-2025-30749, CVE-2025-30754, CVE-2025-50059, CVE-2025-50106 |
|
|
sudo-plugin-python 1.9.9-150400.4.39.1 |
CVE-2025-32462 |
|
|
sudo 1.9.9-150400.4.39.1 |
CVE-2025-32462 |
|
|
libgnutls30-hmac 3.7.3-150400.4.50.1 |
CVE-2024-12243, CVE-2025-32988, CVE-2025-32989, CVE-2025-32990, CVE-2025-6395 |
|
|
libgnutls30 3.7.3-150400.4.50.1 |
CVE-2024-12243, CVE-2025-32988, CVE-2025-32989, CVE-2025-32990, CVE-2025-6395 |
|
|
boost-license1_66_0 1.66.0-150200.12.7.1 |
CVE-2016-9840 |
|
|
libboost_system1_66_0 1.66.0-150200.12.7.1 |
CVE-2016-9840 |
|
|
libboost_thread1_66_0 1.66.0-150200.12.7.1 |
CVE-2016-9840 |
|
|
kernel-default 5.14.21-150400.24.170.2 |
CVE-2021-47557, CVE-2021-47595, CVE-2022-49110, CVE-2022-49139, CVE-2022-49767, CVE-2022-49769, CVE-2022-49770, CVE-2022-49771, CVE-2022-49772, CVE-2022-49775, CVE-2022-49776, CVE-2022-49777, CVE-2022-49779, CVE-2022-49783, CVE-2022-49787, CVE-2022-49788, CVE-2022-49789, CVE-2022-49790, CVE-2022-49792, CVE-2022-49793, CVE-2022-49794, CVE-2022-49796, CVE-2022-49797, CVE-2022-49799, CVE-2022-49800, CVE-2022-49801, CVE-2022-49802, CVE-2022-49807, CVE-2022-49809, CVE-2022-49810, CVE-2022-49812, CVE-2022-49813, CVE-2022-49818, CVE-2022-49821, CVE-2022-49822, CVE-2022-49823, CVE-2022-49824, CVE-2022-49825, CVE-2022-49826, CVE-2022-49827, CVE-2022-49830, CVE-2022-49832, CVE-2022-49834, CVE-2022-49835, CVE-2022-49836, CVE-2022-49839, CVE-2022-49841, CVE-2022-49842, CVE-2022-49845, CVE-2022-49846, CVE-2022-49850, CVE-2022-49853, CVE-2022-49858, CVE-2022-49860, CVE-2022-49861, CVE-2022-49863, CVE-2022-49864, CVE-2022-49865, CVE-2022-49868, CVE-2022-49869, CVE-2022-49870, CVE-2022-49871, CVE-2022-49874, CVE-2022-49879, CVE-2022-49880, CVE-2022-49881, CVE-2022-49885, CVE-2022-49887, CVE-2022-49888, CVE-2022-49889, CVE-2022-49890, CVE-2022-49891, CVE-2022-49892, CVE-2022-49900, CVE-2022-49905, CVE-2022-49906, CVE-2022-49908, CVE-2022-49909, CVE-2022-49910, CVE-2022-49915, CVE-2022-49916, CVE-2022-49922, CVE-2022-49923, CVE-2022-49924, CVE-2022-49925, CVE-2022-49927, CVE-2022-49928, CVE-2022-49931, CVE-2022-49934, CVE-2022-49936, CVE-2022-49937, CVE-2022-49938, CVE-2022-49940, CVE-2022-49942, CVE-2022-49945, CVE-2022-49946, CVE-2022-49948, CVE-2022-49950, CVE-2022-49952, CVE-2022-49954, CVE-2022-49956, CVE-2022-49957, CVE-2022-49958, CVE-2022-49960, CVE-2022-49964, CVE-2022-49966, CVE-2022-49968, CVE-2022-49969, CVE-2022-49977, CVE-2022-49978, CVE-2022-49981, CVE-2022-49982, CVE-2022-49983, CVE-2022-49984, CVE-2022-49985, CVE-2022-49986, CVE-2022-49987, CVE-2022-49989, CVE-2022-49990, CVE-2022-49993, CVE-2022-49995, CVE-2022-49999, CVE-2022-50005, CVE-2022-50006, CVE-2022-50008, CVE-2022-50010, CVE-2022-50011, CVE-2022-50012, CVE-2022-50019, CVE-2022-50020, CVE-2022-50021, CVE-2022-50022, CVE-2022-50023, CVE-2022-50024, CVE-2022-50026, CVE-2022-50027, CVE-2022-50028, CVE-2022-50029, CVE-2022-50030, CVE-2022-50031, CVE-2022-50032, CVE-2022-50033, CVE-2022-50034, CVE-2022-50036, CVE-2022-50038, CVE-2022-50039, CVE-2022-50040, CVE-2022-50045, CVE-2022-50046, CVE-2022-50047, CVE-2022-50051, CVE-2022-50053, CVE-2022-50055, CVE-2022-50059, CVE-2022-50060, CVE-2022-50061, CVE-2022-50062, CVE-2022-50065, CVE-2022-50066, CVE-2022-50067, CVE-2022-50068, CVE-2022-50072, CVE-2022-50073, CVE-2022-50074, CVE-2022-50076, CVE-2022-50077, CVE-2022-50079, CVE-2022-50083, CVE-2022-50084, CVE-2022-50085, CVE-2022-50087, CVE-2022-50092, CVE-2022-50093, CVE-2022-50094, CVE-2022-50095, CVE-2022-50097, CVE-2022-50098, CVE-2022-50099, CVE-2022-50100, CVE-2022-50101, CVE-2022-50102, CVE-2022-50103, CVE-2022-50104, CVE-2022-50108, CVE-2022-50109, CVE-2022-50110, CVE-2022-50111, CVE-2022-50112, CVE-2022-50116, CVE-2022-50118, CVE-2022-50120, CVE-2022-50121, CVE-2022-50124, CVE-2022-50125, CVE-2022-50126, CVE-2022-50127, CVE-2022-50129, CVE-2022-50131, CVE-2022-50132, CVE-2022-50134, CVE-2022-50136, CVE-2022-50137, CVE-2022-50138, CVE-2022-50139, CVE-2022-50140, CVE-2022-50141, CVE-2022-50142, CVE-2022-50143, CVE-2022-50145, CVE-2022-50146, CVE-2022-50149, CVE-2022-50151, CVE-2022-50152, CVE-2022-50153, CVE-2022-50154, CVE-2022-50155, CVE-2022-50156, CVE-2022-50157, CVE-2022-50158, CVE-2022-50160, CVE-2022-50161, CVE-2022-50162, CVE-2022-50164, CVE-2022-50165, CVE-2022-50169, CVE-2022-50171, CVE-2022-50172, CVE-2022-50173, CVE-2022-50175, CVE-2022-50176, CVE-2022-50178, CVE-2022-50179, CVE-2022-50181, CVE-2022-50185, CVE-2022-50187, CVE-2022-50190, CVE-2022-50191, CVE-2022-50192, CVE-2022-50194, CVE-2022-50196, CVE-2022-50197, CVE-2022-50198, CVE-2022-50199, CVE-2022-50200, CVE-2022-50201, CVE-2022-50202, CVE-2022-50203, CVE-2022-50204, CVE-2022-50206, CVE-2022-50207, CVE-2022-50208, CVE-2022-50209, CVE-2022-50211, CVE-2022-50212, CVE-2022-50213, CVE-2022-50215, CVE-2022-50218, CVE-2022-50220, CVE-2022-50222, CVE-2022-50226, CVE-2022-50228, CVE-2022-50229, CVE-2022-50231, CVE-2023-52924, CVE-2023-52925, CVE-2023-53035, CVE-2023-53038, CVE-2023-53039, CVE-2023-53040, CVE-2023-53041, CVE-2023-53044, CVE-2023-53045, CVE-2023-53048, CVE-2023-53049, CVE-2023-53051, CVE-2023-53052, CVE-2023-53054, CVE-2023-53056, CVE-2023-53058, CVE-2023-53059, CVE-2023-53060, CVE-2023-53062, CVE-2023-53064, CVE-2023-53065, CVE-2023-53066, CVE-2023-53068, CVE-2023-53075, CVE-2023-53076, CVE-2023-53077, CVE-2023-53078, CVE-2023-53079, CVE-2023-53081, CVE-2023-53084, CVE-2023-53087, CVE-2023-53089, CVE-2023-53090, CVE-2023-53091, CVE-2023-53092, CVE-2023-53093, CVE-2023-53096, CVE-2023-53097, CVE-2023-53098, CVE-2023-53099, CVE-2023-53100, CVE-2023-53101, CVE-2023-53106, CVE-2023-53108, CVE-2023-53111, CVE-2023-53114, CVE-2023-53116, CVE-2023-53118, CVE-2023-53119, CVE-2023-53123, CVE-2023-53124, CVE-2023-53125, CVE-2023-53131, CVE-2023-53134, CVE-2023-53137, CVE-2023-53139, CVE-2023-53140, CVE-2023-53142, CVE-2023-53143, CVE-2023-53145, CVE-2024-26808, CVE-2024-26924, CVE-2024-26935, CVE-2024-27397, CVE-2024-35840, CVE-2024-36978, CVE-2024-46800, CVE-2024-53057, CVE-2024-53125, CVE-2024-53141, CVE-2024-53168, CVE-2024-56558, CVE-2024-56770, CVE-2024-57947, CVE-2024-57999, CVE-2025-21700, CVE-2025-21702, CVE-2025-21703, CVE-2025-21756, CVE-2025-21888, CVE-2025-21999, CVE-2025-22056, CVE-2025-22060, CVE-2025-23138, CVE-2025-23141, CVE-2025-23145, CVE-2025-37752, CVE-2025-37785, CVE-2025-37789, CVE-2025-37797, CVE-2025-37798, CVE-2025-37823, CVE-2025-37890, CVE-2025-37932, CVE-2025-37948, CVE-2025-37953, CVE-2025-37963, CVE-2025-37997, CVE-2025-38000, CVE-2025-38001, CVE-2025-38014, CVE-2025-38083 |
|
|
libsystemd0 249.17-150400.8.49.2 |
CVE-2025-4598 |
|
|
libudev1 249.17-150400.8.49.2 |
CVE-2025-4598 |
|
|
systemd-coredump 249.17-150400.8.49.2 |
CVE-2025-4598 |
|
|
systemd-lang 249.17-150400.8.49.2 |
CVE-2025-4598 |
|
|
systemd-sysvinit 249.17-150400.8.49.2 |
CVE-2025-4598 |
|
|
pam-config 1.1-150200.3.14.1 |
CVE-2025-6018 |
|
|
libgcrypt20-hmac 1.9.4-150400.6.11.1 |
CVE-2024-2236 |
|
|
libgcrypt20 1.9.4-150400.6.11.1 |
CVE-2024-2236 |
|
|
pam 1.3.0-150000.6.83.1 |
CVE-2024-10041, CVE-2025-6018 |
|
|
xen-libs 4.16.7_02-150400.4.72.1 |
CVE-2024-28956, CVE-2024-36350, CVE-2024-36357, CVE-2025-1713, CVE-2025-27465 |
|
|
python3-urllib3 1.25.10-150300.4.15.1 |
CVE-2024-37891 |
|
|
libvmtools0 13.0.0-150300.61.1 |
CVE-2025-22247 |
|
|
open-vm-tools 13.0.0-150300.61.1 |
CVE-2025-22247 |
|
|
vim-data-common 9.1.1406-150000.5.75.1 |
CVE-2024-41965, CVE-2025-29768 |
|
|
vim-data 9.1.1406-150000.5.75.1 |
CVE-2024-41965, CVE-2025-29768 |
|
|
vim 9.1.1406-150000.5.75.1 |
CVE-2024-41965, CVE-2025-29768 |
|
|
xxd 9.1.1406-150000.5.75.1 |
CVE-2024-41965, CVE-2025-29768 |
|
|
libssh-config 0.9.8-150400.3.9.1 |
CVE-2025-4877, CVE-2025-4878, CVE-2025-5318, CVE-2025-5372 |
|
|
libssh4 0.9.8-150400.3.9.1 |
CVE-2025-4877, CVE-2025-4878, CVE-2025-5318, CVE-2025-5372 |
|
|
libpolkit0 0.116-150200.3.15.1 |
CVE-2025-7519 |
|
|
libsqlite3-0 3.50.2-150000.3.33.1 |
CVE-2025-29087, CVE-2025-29088, CVE-2025-3277, CVE-2025-6965 |
|
|
sqlite3-tcl 3.50.2-150000.3.33.1 |
CVE-2025-29087, CVE-2025-29088, CVE-2025-3277, CVE-2025-6965 |
|
|
docker-rootless-extras 28.2.2_ce-150000.227.1 |
CVE-2025-0495, CVE-2025-22872 |
|
|
docker 28.2.2_ce-150000.227.1 |
CVE-2025-0495, CVE-2025-22872 |
|
|
libxml2-2 2.9.14-150400.5.47.1 |
CVE-2025-32414, CVE-2025-32415, CVE-2025-49794, CVE-2025-49796, CVE-2025-6021, CVE-2025-6170, CVE-2025-7425 |
|
|
libxml2-tools 2.9.14-150400.5.47.1 |
CVE-2025-32414, CVE-2025-32415, CVE-2025-49794, CVE-2025-49796, CVE-2025-6021, CVE-2025-6170, CVE-2025-7425 |
|
|
libicu-suse65_1 65.1-150200.4.15.1 |
CVE-2025-5222 |
|
|
libicu65_1-ledata 65.1-150200.4.15.1 |
CVE-2025-5222 |
|
|
python3-requests 2.25.1-150300.3.18.1 |
CVE-2024-47081 |
|
Proprietary Code CVEs |
Description |
CVSS Base Score |
CVSS Vector String |
|---|---|---|---|
|
CVE-2025-43888 |
Dell PowerProtect Data Manager, Hyper-V, version(s) 19.19 and 19.20, contain(s) an Insertion of Sensitive Information into Log File vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Unauthorized access. |
8.8 |
|
|
CVE-2025-43884 |
Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution. |
8.2 |
|
|
CVE-2025-43885 |
Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution. |
7.8 |
|
|
CVE-2025-43725 |
Dell PowerProtect Data Manager, Generic Application Agent, version(s) 19.19 and 19.20, contain(s) an Incorrect Default Permissions vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution. |
7.8 |
|
|
CVE-2025-43887 |
Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) an Incorrect Default Permissions vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges. |
7.0 |
|
|
|
Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) a Plaintext Storage of a Password vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to gain unauthorized access with privileges of the compromised account. |
5.0 |
|
|
CVE-2025-43886 |
Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) a Path Traversal: '.../...//' vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Filesystem access for attacker. |
4.4 |
|
Proprietary Code CVEs |
Description |
CVSS Base Score |
CVSS Vector String |
|---|---|---|---|
|
CVE-2025-43888 |
Dell PowerProtect Data Manager, Hyper-V, version(s) 19.19 and 19.20, contain(s) an Insertion of Sensitive Information into Log File vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Unauthorized access. |
8.8 |
|
|
CVE-2025-43884 |
Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution. |
8.2 |
|
|
CVE-2025-43885 |
Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution. |
7.8 |
|
|
CVE-2025-43725 |
Dell PowerProtect Data Manager, Generic Application Agent, version(s) 19.19 and 19.20, contain(s) an Incorrect Default Permissions vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution. |
7.8 |
|
|
CVE-2025-43887 |
Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) an Incorrect Default Permissions vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges. |
7.0 |
|
|
|
Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) a Plaintext Storage of a Password vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to gain unauthorized access with privileges of the compromised account. |
5.0 |
|
|
CVE-2025-43886 |
Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) a Path Traversal: '.../...//' vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Filesystem access for attacker. |
4.4 |
Prodotti interessati e correzione
|
Product |
Software/Firmware |
Affected Versions |
Remediated Versions |
Link |
|---|---|---|---|---|
|
Dell PowerProtect Data Manager |
PowerProtect Data Manager 19.21.0-11 |
Versions prior to 19.21 |
Version 19.21 build 11 or later |
PowerProtect Data Manager (PPDM) Version 19.21 | Drivers & Downloads |
|
Product |
Software/Firmware |
Affected Versions |
Remediated Versions |
Link |
|---|---|---|---|---|
|
Dell PowerProtect Data Manager |
PowerProtect Data Manager 19.21.0-11 |
Versions prior to 19.21 |
Version 19.21 build 11 or later |
PowerProtect Data Manager (PPDM) Version 19.21 | Drivers & Downloads |
Cronologia delle revisioni
|
Revision |
Date |
Description |
|---|---|---|
|
1.0 |
2025-09-09 |
Initial Release |
|
2.0 |
2025-09-09 |
Updated for enhanced presentation with no changes to content |
Informazioni correlate
Dichiarazione di non responsabilità
Prodotti interessati
PowerProtect Data Manager Appliance, PowerProtect Data Manager, PowerProtect Data Manager Essentials, PowerProtect DM5500Proprietà dell'articolo
Numero articolo: 000367456
Tipo di articolo: Dell Security Advisory
Ultima modifica: 10 set 2025
Trova risposta alle tue domande dagli altri utenti Dell
Support Services
Verifica che il dispositivo sia coperto dai Servizi di supporto.