DSA-2025-215: Security Update for Dell VxRail for Multiple Third-Party Component Vulnerabilities
Zhrnutie: Dell VxRail remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.
Tento článok sa vzťahuje na
Tento článok sa nevzťahuje na
Tento článok nie je viazaný na žiadny konkrétny produkt.
V tomto článku nie sú uvedené všetky verzie produktov.
Dosah
Critical
Podrobnosti
| Third-party Component | CVEs | More Information |
| VMware ESXi 7.0.3 and vCenter Server 7.0.3 | CVE-2025-41225, CVE-2025-41226, CVE-2025-41227, CVE-2025-41228, CVE-2025-41241 | VMSA-2025-0010 , VMSA-2025-0014 |
| vCenter Server 7.0.3 | CVE-2024-42154,CVE-2024-42224,CVE-2024-38428, CVE-2023-46589, CVE-2024-23672,CVE-2024-24549, CVE-2024-0743,CVE-2024-26458,CVE-2024-26461,CVE-2024-26898,CVE-2024-37370,CVE-2024-37371,CVE-2024-38588,CVE-2024-6345,CVE-2024-9681,CVE-2024-23807, CVE-2024-44987, CVE-2024-44998, CVE-2024-44999, CVE-2024-46673, CVE-2024-46674, CVE-2024-45490, CVE-2024-45491, CVE-2024-45492, CVE-2024-27282, CVE-2024-2397, CVE-2023-5115 | VMware vCenter Server Photon OS Security Patches |
| Security Update for Dell AMD-based PowerEdge Server Vulnerability | CVE-2024-36347 | DSA-2025-112 |
| Security Update for Dell PowerEdge Server BIOS for Tianocore EDK2 Vulnerability | CVE-2024-38796 | DSA-2025-038 |
| Dell PowerEdge Server Security Update for Intel® Ethernet Controllers & Adapters and Intel® Processor Vulnerabilities | CVE-2024-25571, CVE-2024-21859, CVE-2024-31155, CVE-2024-37020, CVE-2024-24852, CVE-2024-36274 | DSA-2025-042 |
| Security Update for Dell AMD-based PowerEdge Server and GPU Vulnerabilities | CVE-2023-31342, CVE-2023-31343, CVE-2023-31345, CVE-2023-20581, CVE-2023-20582, CVE-2024-21924, CVE-2024-21925 | DSA-2025-085 |
| Security Update for Dell PowerEdge Server for Intel 2025 Security Advisories (2025.1 IPU) | CVE-2024-28956, CVE-2024-39279, CVE-2024-28047 | DSA-2025-041 |
| Security Update for Dell PowerEdge Server for Intel 2024 Security Advisories (2024.4 IPU) | CVE-2024-31068 | DSA-2024-381 |
| SQLite | CVE-2023-7104 | https://nvd.nist.gov/vuln/search |
| Python | CVE-2024-35195, CVE-2022-40899, CVE-2024-6345 | https://nvd.nist.gov/vuln/search |
| CPython | CVE-2024-7592, CVE-2024-6232, CVE-2024-3219, CVE-2024-6923 | https://nvd.nist.gov/vuln/search |
| OpenSSL | CVE-2024-2511 | https://nvd.nist.gov/vuln/search |
| urllib3 | CVE-2024-37891 | https://nvd.nist.gov/vuln/search |
| Python-Requests | CVE-2023-32681 | https://nvd.nist.gov/vuln/search |
| XZ Utils | CVE-2024-47611, CVE-2020-22916 | https://nvd.nist.gov/vuln/search |
| Security Update for Dell iDRAC9 and iDRAC10 Vulnerabilities | CVE-2025-22397 | DSA-2025-376 |
| SUSE Updates | CVE-2025-31650, CVE-2025-31651, CVE-2023-40403, CVE-2024-55549, CVE-2025-24855, CVE-2022-49080, CVE-2024-35949, CVE-2024-50128, CVE-2024-53135, CVE-2024-57948, CVE-2025-21690, CVE-2025-21692, CVE-2025-21699, CVE-2025-27363, CVE-2025-27219, CVE-2025-27220, CVE-2024-47220, CVE-2025-1795, CVE-2025-22868, CVE-2025-22869, CVE-2024-8176, CVE-2025-2784, CVE-2025-32050, CVE-2025-32052, CVE-2025-32053, CVE-2025-32907, CVE-2025-32914, CVE-2025-46420, CVE-2025-46421, CVE-2025-24813, CVE-2024-56337, CVE-2025-21587, CVE-2025-30691, CVE-2025-30698, CVE-2022-49053, CVE-2022-49465, CVE-2022-49739, CVE-2023-52935, CVE-2024-53064, CVE-2024-56651, CVE-2024-58083, CVE-2025-21693, CVE-2025-21714, CVE-2025-21732, CVE-2025-21753, CVE-2025-21772, CVE-2025-32051, CVE-2025-32906, CVE-2025-32909, CVE-2025-32910, CVE-2025-32912, CVE-2025-32913, CVE-2025-32433, CVE-2025-31344 | www.suse.com |
Dotknuté produkty a riešenie problému
| Product | Affected Versions | Remediated Versions | Link |
| Dell VxRail Appliance | Versions 7.0.000 through 7.0.541 | Version 7.0.550 or later | https://www.dell.com/support/home/product-support/product/vxrail-appliance-series/drivers |
| Product | Affected Versions | Remediated Versions | Link |
| Dell VxRail Appliance | Versions 7.0.000 through 7.0.541 | Version 7.0.550 or later | https://www.dell.com/support/home/product-support/product/vxrail-appliance-series/drivers |
Alternatívne riešenia a zmiernenia
| CVE ID | Workaround and Mitigation |
| CVE-2023-48795 | https://www.dell.com/support/kbdoc/000318019/vxrail-how-to-mitigate-openssh-vulnerability-cve-2023-48795-on-vcenter-server-appliance |
| CVE-2025-2884 | https://www.dell.com/support/kbdoc/000346621 |
| CVE-2025-41236, CVE-2025-41237, CVE-2025-41238,CVE-2025-41239 | https://www.dell.com/support/kbdoc/000343605 |
História revízií
| Revision | Date | Description |
| 1.0 | 2025-05-28 | Initial Release |
| 2.0 | 2025-07-28 | Added mitigation for CVE-2025-2884 |
| 3.0 | 2025-08-12 | Added mitigation for CVE-2025-41236, CVE-2025-41237, CVE-2025-41238, CVE-2025-41239 and added CVE-2025-41241 to the advisory. |
| 4.0 | 2025-09-18 | Updated the Mitigation link for CVE-2025-2884 |
| 5.0 | 2025-11-14 | Added CVE-2025-22397 to the remediated table |
Súvisiace informácie
Legal Disclaimer
Dotknuté produkty
VxRail, VxRail Appliance Series, VxRail E660, VxRail E660NVlastnosti článku
Číslo článku: 000325586
Typ článku: Dell Security Advisory
Dátum poslednej úpravy: 14 nov 2025
Nájdite odpovede na svoje otázky od ostatných používateľov spoločnosti Dell
Služby podpory
Skontrolujte, či sa na vaše zariadenie vzťahujú služby podpory.