DSA-2025-034: Security update for Dell Update Package (DUP) Framework Vulnerability

摘要: Dell Update Package (DUP) Framework remediation is available for a Local Privilege Escalation vulnerability that could be exploited by malicious users to compromise the affected system. ...

影响

详情

受影响的产品和补救措施

解决方法和缓解措施

修订历史记录

确认

法律免责声明

受影响的产品

提供反馈

本文适用于本文不适用于本文并非针对某种特定的产品。本文并非包含所有产品版本。

查看其他资源

影响

High

详情

Proprietary Code CVEs	Description	CVSS Base Score	CVSS Vector String
CVE-2025-22395	Dell Update Package Framework, versions prior to 22.01.02, contain(s) a Local Privilege Escalation Vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary remote scripts on the server. Exploitation may lead to a denial of service by an attacker.	8.2	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

Proprietary Code CVEs	Description	CVSS Base Score	CVSS Vector String
CVE-2025-22395	Dell Update Package Framework, versions prior to 22.01.02, contain(s) a Local Privilege Escalation Vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary remote scripts on the server. Exploitation may lead to a denial of service by an attacker.	8.2	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

Dell Technologies 建议所有客户考虑 CVSS 基本分数以及任何相关的时间和环境分数，这可能会影响与特定安全漏洞相关的潜在严重程度。

受影响的产品和补救措施

Product	Affected Versions	Remediated Versions	Link
Dell Update Package (DUP) Framework	Versions prior to 22.01.02	Version 22.01.02 or later	https://www.dell.com/support

Product	Affected Versions	Remediated Versions	Link
Dell Update Package (DUP) Framework	Versions prior to 22.01.02	Version 22.01.02 or later	https://www.dell.com/support

Note: To check the DUP Framework file version, right-click on the DUP file, select Properties, and click on the Details tab to find the File version number.

解决方法和缓解措施

CVE ID	Workaround and Mitigation
CVE-2025-22395	Recommend users not to use Extract option in Microsoft Windows OS if the File Version of update package is less than 22.01.02. If it is less than 22.01.02 we suggest using extract option via command prompt.

修订历史记录

Revision	Date	Description
1.0	2025-01-06	Initial Release
2.0	2025-01-06	Formatting change for the highlighted Note. No changes to content.

确认

Dell would like to thank Gee-netics for reporting this issue.

法律免责声明

受影响的产品

C Series, HS Series, Modular Infrastructure, Rack Servers, Tower Servers, XE Servers, XR Servers, OEM Server Solutions, Dell Update Packages - Current Version

文章编号: 000269079

文章类型: Dell Security Advisory

上次修改时间: 06 1月 2025

DSA-2025-034: Security update for Dell Update Package (DUP) Framework Vulnerability

摘要: Dell Update Package (DUP) Framework remediation is available for a Local Privilege Escalation vulnerability that could be exploited by malicious users to compromise the affected system. ...

影响

详情

受影响的产品和补救措施

解决方法和缓解措施

修订历史记录

确认

相关信息

法律免责声明

受影响的产品

影响

详情

受影响的产品和补救措施

解决方法和缓解措施

修订历史记录

确认

相关信息

法律免责声明

受影响的产品

文章属性

从其他戴尔用户那里查找问题的答案

支持服务

文章属性

从其他戴尔用户那里查找问题的答案

支持服务

DSA-2025-034: Security update for Dell Update Package (DUP) Framework Vulnerability

摘要: Dell Update Package (DUP) Framework remediation is available for a Local Privilege Escalation vulnerability that could be exploited by malicious users to compromise the affected system. ... 扩大查看范围 缩小查看范围

详细文章

影响

详情

受影响的产品和补救措施

解决方法和缓解措施

修订历史记录

确认

相关信息

法律免责声明

受影响的产品

文章属性

从其他戴尔用户那里查找问题的答案

支持服务

文章属性

从其他戴尔用户那里查找问题的答案

支持服务

摘要: Dell Update Package (DUP) Framework remediation is available for a Local Privilege Escalation vulnerability that could be exploited by malicious users to compromise the affected system. ...