DSA-2025-326: Security Update for Dell PowerProtect Data Manager Multiple Security Vulnerabilities
Zhrnutie: Dell PowerProtect Data Manager remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.
Dosah
High
Ďalšie podrobnosti
The Affected Products and Remediation table above may not be a comprehensive list of all affected supported versions and may be updated as more information becomes available.
Podrobnosti
|
Third-party Component |
CVEs |
More Information |
|---|---|---|
|
PPDM Core/UI: |
CVE-2025-27210 |
|
|
Reporting: |
CVE-2025-27533 |
|
|
Apache Commons BeanUtils 1.9.4 and 1.10.0 |
CVE-2025-48734 |
|
|
Apache CXF 4.0.5 |
CVE-2025-23184 |
|
|
Apache Tomcat 10.1.24 and 10.1.34 |
CVE-2025-24813, CVE-2025-31651, CVE-2025-31650, CVE-2024-38286 |
|
|
Infinispan 15.0.4.Final |
CVE-2025-0736 |
|
|
json-smart 2.5.1 |
CVE-2024-57699 |
|
|
Logback 1.5.6 |
CVE-2024-12798, CVE-2024-12801 |
|
|
Netty Project 4.1.110.Final and 4.1.116.Final |
CVE-2025-25193 |
|
|
Nimbus-JOSE-JWT 9.37.3 |
CVE-2025-53864 |
|
|
OTelcol-contrib v0.89.0 |
CVE-2024-36129 |
|
|
Spring Boot 3.3.0 |
CVE-2024-38807, CVE-2025-22235 |
|
|
Spring Framework 6.2.0 |
CVE-2024-38820, CVE-2025-22233 |
|
|
Spring Security 6.3.0 |
CVE-2024-38810 |
|
|
OS Update: |
CVE-2025-5278 |
|
|
coreutils 8.32-150400.9.9.1 |
CVE-2025-5278 |
|
|
java-17-openjdk-headless 17.0.16.0-150400.3.57.1 |
CVE-2025-30749, CVE-2025-30754, CVE-2025-50059, CVE-2025-50106 |
|
|
sudo-plugin-python 1.9.9-150400.4.39.1 |
CVE-2025-32462 |
|
|
sudo 1.9.9-150400.4.39.1 |
CVE-2025-32462 |
|
|
libgnutls30-hmac 3.7.3-150400.4.50.1 |
CVE-2024-12243, CVE-2025-32988, CVE-2025-32989, CVE-2025-32990, CVE-2025-6395 |
|
|
libgnutls30 3.7.3-150400.4.50.1 |
CVE-2024-12243, CVE-2025-32988, CVE-2025-32989, CVE-2025-32990, CVE-2025-6395 |
|
|
boost-license1_66_0 1.66.0-150200.12.7.1 |
CVE-2016-9840 |
|
|
libboost_system1_66_0 1.66.0-150200.12.7.1 |
CVE-2016-9840 |
|
|
libboost_thread1_66_0 1.66.0-150200.12.7.1 |
CVE-2016-9840 |
|
|
kernel-default 5.14.21-150400.24.170.2 |
CVE-2021-47557, CVE-2021-47595, CVE-2022-49110, CVE-2022-49139, CVE-2022-49767, CVE-2022-49769, CVE-2022-49770, CVE-2022-49771, CVE-2022-49772, CVE-2022-49775, CVE-2022-49776, CVE-2022-49777, CVE-2022-49779, CVE-2022-49783, CVE-2022-49787, CVE-2022-49788, CVE-2022-49789, CVE-2022-49790, CVE-2022-49792, CVE-2022-49793, CVE-2022-49794, CVE-2022-49796, CVE-2022-49797, CVE-2022-49799, CVE-2022-49800, CVE-2022-49801, CVE-2022-49802, CVE-2022-49807, CVE-2022-49809, CVE-2022-49810, CVE-2022-49812, CVE-2022-49813, CVE-2022-49818, CVE-2022-49821, CVE-2022-49822, CVE-2022-49823, CVE-2022-49824, CVE-2022-49825, CVE-2022-49826, CVE-2022-49827, CVE-2022-49830, CVE-2022-49832, CVE-2022-49834, CVE-2022-49835, CVE-2022-49836, CVE-2022-49839, CVE-2022-49841, CVE-2022-49842, CVE-2022-49845, CVE-2022-49846, CVE-2022-49850, CVE-2022-49853, CVE-2022-49858, CVE-2022-49860, CVE-2022-49861, CVE-2022-49863, CVE-2022-49864, CVE-2022-49865, CVE-2022-49868, CVE-2022-49869, CVE-2022-49870, CVE-2022-49871, CVE-2022-49874, CVE-2022-49879, CVE-2022-49880, CVE-2022-49881, CVE-2022-49885, CVE-2022-49887, CVE-2022-49888, CVE-2022-49889, CVE-2022-49890, CVE-2022-49891, CVE-2022-49892, CVE-2022-49900, CVE-2022-49905, CVE-2022-49906, CVE-2022-49908, CVE-2022-49909, CVE-2022-49910, CVE-2022-49915, CVE-2022-49916, CVE-2022-49922, CVE-2022-49923, CVE-2022-49924, CVE-2022-49925, CVE-2022-49927, CVE-2022-49928, CVE-2022-49931, CVE-2022-49934, CVE-2022-49936, CVE-2022-49937, CVE-2022-49938, CVE-2022-49940, CVE-2022-49942, CVE-2022-49945, CVE-2022-49946, CVE-2022-49948, CVE-2022-49950, CVE-2022-49952, CVE-2022-49954, CVE-2022-49956, CVE-2022-49957, CVE-2022-49958, CVE-2022-49960, CVE-2022-49964, CVE-2022-49966, CVE-2022-49968, CVE-2022-49969, CVE-2022-49977, CVE-2022-49978, CVE-2022-49981, CVE-2022-49982, CVE-2022-49983, CVE-2022-49984, CVE-2022-49985, CVE-2022-49986, CVE-2022-49987, CVE-2022-49989, CVE-2022-49990, CVE-2022-49993, CVE-2022-49995, CVE-2022-49999, CVE-2022-50005, CVE-2022-50006, CVE-2022-50008, CVE-2022-50010, CVE-2022-50011, CVE-2022-50012, CVE-2022-50019, CVE-2022-50020, CVE-2022-50021, CVE-2022-50022, CVE-2022-50023, CVE-2022-50024, CVE-2022-50026, CVE-2022-50027, CVE-2022-50028, CVE-2022-50029, CVE-2022-50030, CVE-2022-50031, CVE-2022-50032, CVE-2022-50033, CVE-2022-50034, CVE-2022-50036, CVE-2022-50038, CVE-2022-50039, CVE-2022-50040, CVE-2022-50045, CVE-2022-50046, CVE-2022-50047, CVE-2022-50051, CVE-2022-50053, CVE-2022-50055, CVE-2022-50059, CVE-2022-50060, CVE-2022-50061, CVE-2022-50062, CVE-2022-50065, CVE-2022-50066, CVE-2022-50067, CVE-2022-50068, CVE-2022-50072, CVE-2022-50073, CVE-2022-50074, CVE-2022-50076, CVE-2022-50077, CVE-2022-50079, CVE-2022-50083, CVE-2022-50084, CVE-2022-50085, CVE-2022-50087, CVE-2022-50092, CVE-2022-50093, CVE-2022-50094, CVE-2022-50095, CVE-2022-50097, CVE-2022-50098, CVE-2022-50099, CVE-2022-50100, CVE-2022-50101, CVE-2022-50102, CVE-2022-50103, CVE-2022-50104, CVE-2022-50108, CVE-2022-50109, CVE-2022-50110, CVE-2022-50111, CVE-2022-50112, CVE-2022-50116, CVE-2022-50118, CVE-2022-50120, CVE-2022-50121, CVE-2022-50124, CVE-2022-50125, CVE-2022-50126, CVE-2022-50127, CVE-2022-50129, CVE-2022-50131, CVE-2022-50132, CVE-2022-50134, CVE-2022-50136, CVE-2022-50137, CVE-2022-50138, CVE-2022-50139, CVE-2022-50140, CVE-2022-50141, CVE-2022-50142, CVE-2022-50143, CVE-2022-50145, CVE-2022-50146, CVE-2022-50149, CVE-2022-50151, CVE-2022-50152, CVE-2022-50153, CVE-2022-50154, CVE-2022-50155, CVE-2022-50156, CVE-2022-50157, CVE-2022-50158, CVE-2022-50160, CVE-2022-50161, CVE-2022-50162, CVE-2022-50164, CVE-2022-50165, CVE-2022-50169, CVE-2022-50171, CVE-2022-50172, CVE-2022-50173, CVE-2022-50175, CVE-2022-50176, CVE-2022-50178, CVE-2022-50179, CVE-2022-50181, CVE-2022-50185, CVE-2022-50187, CVE-2022-50190, CVE-2022-50191, CVE-2022-50192, CVE-2022-50194, CVE-2022-50196, CVE-2022-50197, CVE-2022-50198, CVE-2022-50199, CVE-2022-50200, CVE-2022-50201, CVE-2022-50202, CVE-2022-50203, CVE-2022-50204, CVE-2022-50206, CVE-2022-50207, CVE-2022-50208, CVE-2022-50209, CVE-2022-50211, CVE-2022-50212, CVE-2022-50213, CVE-2022-50215, CVE-2022-50218, CVE-2022-50220, CVE-2022-50222, CVE-2022-50226, CVE-2022-50228, CVE-2022-50229, CVE-2022-50231, CVE-2023-52924, CVE-2023-52925, CVE-2023-53035, CVE-2023-53038, CVE-2023-53039, CVE-2023-53040, CVE-2023-53041, CVE-2023-53044, CVE-2023-53045, CVE-2023-53048, CVE-2023-53049, CVE-2023-53051, CVE-2023-53052, CVE-2023-53054, CVE-2023-53056, CVE-2023-53058, CVE-2023-53059, CVE-2023-53060, CVE-2023-53062, CVE-2023-53064, CVE-2023-53065, CVE-2023-53066, CVE-2023-53068, CVE-2023-53075, CVE-2023-53076, CVE-2023-53077, CVE-2023-53078, CVE-2023-53079, CVE-2023-53081, CVE-2023-53084, CVE-2023-53087, CVE-2023-53089, CVE-2023-53090, CVE-2023-53091, CVE-2023-53092, CVE-2023-53093, CVE-2023-53096, CVE-2023-53097, CVE-2023-53098, CVE-2023-53099, CVE-2023-53100, CVE-2023-53101, CVE-2023-53106, CVE-2023-53108, CVE-2023-53111, CVE-2023-53114, CVE-2023-53116, CVE-2023-53118, CVE-2023-53119, CVE-2023-53123, CVE-2023-53124, CVE-2023-53125, CVE-2023-53131, CVE-2023-53134, CVE-2023-53137, CVE-2023-53139, CVE-2023-53140, CVE-2023-53142, CVE-2023-53143, CVE-2023-53145, CVE-2024-26808, CVE-2024-26924, CVE-2024-26935, CVE-2024-27397, CVE-2024-35840, CVE-2024-36978, CVE-2024-46800, CVE-2024-53057, CVE-2024-53125, CVE-2024-53141, CVE-2024-53168, CVE-2024-56558, CVE-2024-56770, CVE-2024-57947, CVE-2024-57999, CVE-2025-21700, CVE-2025-21702, CVE-2025-21703, CVE-2025-21756, CVE-2025-21888, CVE-2025-21999, CVE-2025-22056, CVE-2025-22060, CVE-2025-23138, CVE-2025-23141, CVE-2025-23145, CVE-2025-37752, CVE-2025-37785, CVE-2025-37789, CVE-2025-37797, CVE-2025-37798, CVE-2025-37823, CVE-2025-37890, CVE-2025-37932, CVE-2025-37948, CVE-2025-37953, CVE-2025-37963, CVE-2025-37997, CVE-2025-38000, CVE-2025-38001, CVE-2025-38014, CVE-2025-38083 |
|
|
libsystemd0 249.17-150400.8.49.2 |
CVE-2025-4598 |
|
|
libudev1 249.17-150400.8.49.2 |
CVE-2025-4598 |
|
|
systemd-coredump 249.17-150400.8.49.2 |
CVE-2025-4598 |
|
|
systemd-lang 249.17-150400.8.49.2 |
CVE-2025-4598 |
|
|
systemd-sysvinit 249.17-150400.8.49.2 |
CVE-2025-4598 |
|
|
pam-config 1.1-150200.3.14.1 |
CVE-2025-6018 |
|
|
libgcrypt20-hmac 1.9.4-150400.6.11.1 |
CVE-2024-2236 |
|
|
libgcrypt20 1.9.4-150400.6.11.1 |
CVE-2024-2236 |
|
|
pam 1.3.0-150000.6.83.1 |
CVE-2024-10041, CVE-2025-6018 |
|
|
xen-libs 4.16.7_02-150400.4.72.1 |
CVE-2024-28956, CVE-2024-36350, CVE-2024-36357, CVE-2025-1713, CVE-2025-27465 |
|
|
python3-urllib3 1.25.10-150300.4.15.1 |
CVE-2024-37891 |
|
|
libvmtools0 13.0.0-150300.61.1 |
CVE-2025-22247 |
|
|
open-vm-tools 13.0.0-150300.61.1 |
CVE-2025-22247 |
|
|
vim-data-common 9.1.1406-150000.5.75.1 |
CVE-2024-41965, CVE-2025-29768 |
|
|
vim-data 9.1.1406-150000.5.75.1 |
CVE-2024-41965, CVE-2025-29768 |
|
|
vim 9.1.1406-150000.5.75.1 |
CVE-2024-41965, CVE-2025-29768 |
|
|
xxd 9.1.1406-150000.5.75.1 |
CVE-2024-41965, CVE-2025-29768 |
|
|
libssh-config 0.9.8-150400.3.9.1 |
CVE-2025-4877, CVE-2025-4878, CVE-2025-5318, CVE-2025-5372 |
|
|
libssh4 0.9.8-150400.3.9.1 |
CVE-2025-4877, CVE-2025-4878, CVE-2025-5318, CVE-2025-5372 |
|
|
libpolkit0 0.116-150200.3.15.1 |
CVE-2025-7519 |
|
|
libsqlite3-0 3.50.2-150000.3.33.1 |
CVE-2025-29087, CVE-2025-29088, CVE-2025-3277, CVE-2025-6965 |
|
|
sqlite3-tcl 3.50.2-150000.3.33.1 |
CVE-2025-29087, CVE-2025-29088, CVE-2025-3277, CVE-2025-6965 |
|
|
docker-rootless-extras 28.2.2_ce-150000.227.1 |
CVE-2025-0495, CVE-2025-22872 |
|
|
docker 28.2.2_ce-150000.227.1 |
CVE-2025-0495, CVE-2025-22872 |
|
|
libxml2-2 2.9.14-150400.5.47.1 |
CVE-2025-32414, CVE-2025-32415, CVE-2025-49794, CVE-2025-49796, CVE-2025-6021, CVE-2025-6170, CVE-2025-7425 |
|
|
libxml2-tools 2.9.14-150400.5.47.1 |
CVE-2025-32414, CVE-2025-32415, CVE-2025-49794, CVE-2025-49796, CVE-2025-6021, CVE-2025-6170, CVE-2025-7425 |
|
|
libicu-suse65_1 65.1-150200.4.15.1 |
CVE-2025-5222 |
|
|
libicu65_1-ledata 65.1-150200.4.15.1 |
CVE-2025-5222 |
|
|
python3-requests 2.25.1-150300.3.18.1 |
CVE-2024-47081 |
|
Proprietary Code CVEs |
Description |
CVSS Base Score |
CVSS Vector String |
|---|---|---|---|
|
CVE-2025-43888 |
Dell PowerProtect Data Manager, Hyper-V, version(s) 19.19 and 19.20, contain(s) an Insertion of Sensitive Information into Log File vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Unauthorized access. |
8.8 |
|
|
CVE-2025-43884 |
Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution. |
8.2 |
|
|
CVE-2025-43885 |
Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution. |
7.8 |
|
|
CVE-2025-43725 |
Dell PowerProtect Data Manager, Generic Application Agent, version(s) 19.19 and 19.20, contain(s) an Incorrect Default Permissions vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution. |
7.8 |
|
|
CVE-2025-43887 |
Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) an Incorrect Default Permissions vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges. |
7.0 |
|
|
|
Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) a Plaintext Storage of a Password vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to gain unauthorized access with privileges of the compromised account. |
5.0 |
|
|
CVE-2025-43886 |
Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) a Path Traversal: '.../...//' vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Filesystem access for attacker. |
4.4 |
|
Proprietary Code CVEs |
Description |
CVSS Base Score |
CVSS Vector String |
|---|---|---|---|
|
CVE-2025-43888 |
Dell PowerProtect Data Manager, Hyper-V, version(s) 19.19 and 19.20, contain(s) an Insertion of Sensitive Information into Log File vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Unauthorized access. |
8.8 |
|
|
CVE-2025-43884 |
Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution. |
8.2 |
|
|
CVE-2025-43885 |
Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution. |
7.8 |
|
|
CVE-2025-43725 |
Dell PowerProtect Data Manager, Generic Application Agent, version(s) 19.19 and 19.20, contain(s) an Incorrect Default Permissions vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution. |
7.8 |
|
|
CVE-2025-43887 |
Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) an Incorrect Default Permissions vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges. |
7.0 |
|
|
|
Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) a Plaintext Storage of a Password vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to gain unauthorized access with privileges of the compromised account. |
5.0 |
|
|
CVE-2025-43886 |
Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) a Path Traversal: '.../...//' vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Filesystem access for attacker. |
4.4 |
Dotknuté produkty a riešenie problému
|
Product |
Software/Firmware |
Affected Versions |
Remediated Versions |
Link |
|---|---|---|---|---|
|
Dell PowerProtect Data Manager |
PowerProtect Data Manager 19.21.0-11 |
Versions prior to 19.21 |
Version 19.21 build 11 or later |
PowerProtect Data Manager (PPDM) Version 19.21 | Drivers & Downloads |
|
Product |
Software/Firmware |
Affected Versions |
Remediated Versions |
Link |
|---|---|---|---|---|
|
Dell PowerProtect Data Manager |
PowerProtect Data Manager 19.21.0-11 |
Versions prior to 19.21 |
Version 19.21 build 11 or later |
PowerProtect Data Manager (PPDM) Version 19.21 | Drivers & Downloads |
História revízií
|
Revision |
Date |
Description |
|---|---|---|
|
1.0 |
2025-09-09 |
Initial Release |
|
2.0 |
2025-09-09 |
Updated for enhanced presentation with no changes to content |