DSA-2025-277: Security Update for Dell AppSync Vulnerabilities
Summary: Dell AppSync remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.
Impact
Medium
Details
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| CVE-2025-36603 | Dell AppSync, version(s) 4.6.0.0, contains an Improper Restriction of XML External Entity Reference vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure and Information tampering. | 4.2 | CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L |
| CVE-2025-32744 | Dell AppSync, version(s) 4.6.0.0, contains an Unrestricted Upload of File with Dangerous Type vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Remote execution. | 6.6 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L |
Affected Products and Remediation
| Product | Software/Firmware | Affected Versions | Remediated Versions | Link |
| Dell AppSync | AppSync | Versions prior to 4.6.0.4 | Version 4.6.0.4 or later | https://dl.dell.com/downloads/JD3VM_AppSync-4.6.0.4-(Build-number-4.6.0.4-74)-Software.zip |
Revision History
| Revision | Date | Description |
| 1.0 | 2025-07-15 | Initial Release |
| 2.0 | 2025-07-15 | Updated the CVE details |
Acknowledgements
CVE-2025-36603: Dell would like to thank Ouallaout Noureddine for reporting this issue
CVE-2025-32744: Dell would like to thank Ahmed Y. Elmogy for reporting this issue
Affected Products
AppSync, AppSync
Article Properties
Article Number: 000345331
Article Type: Dell Security Advisory
Last Modified: 15 Jul 2025