DSA-2025-326: Security Update for Dell PowerProtect Data Manager Multiple Security Vulnerabilities
摘要: Dell PowerProtect Data Manager remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.
本文章適用於
本文章不適用於
本文無關於任何特定產品。
本文未識別所有產品版本。
影響
High
其他詳細資料
The Affected Products and Remediation table above may not be a comprehensive list of all affected supported versions and may be updated as more information becomes available.
詳細資料
|
Third-party Component |
CVEs |
More Information |
|---|---|---|
|
PPDM Core/UI: |
CVE-2025-27210 |
|
|
Reporting: |
CVE-2025-27533 |
|
|
Apache Commons BeanUtils 1.9.4 and 1.10.0 |
CVE-2025-48734 |
|
|
Apache CXF 4.0.5 |
CVE-2025-23184 |
|
|
Apache Tomcat 10.1.24 and 10.1.34 |
CVE-2025-24813, CVE-2025-31651, CVE-2025-31650, CVE-2024-38286 |
|
|
Infinispan 15.0.4.Final |
CVE-2025-0736 |
|
|
json-smart 2.5.1 |
CVE-2024-57699 |
|
|
Logback 1.5.6 |
CVE-2024-12798, CVE-2024-12801 |
|
|
Netty Project 4.1.110.Final and 4.1.116.Final |
CVE-2025-25193 |
|
|
Nimbus-JOSE-JWT 9.37.3 |
CVE-2025-53864 |
|
|
OTelcol-contrib v0.89.0 |
CVE-2024-36129 |
|
|
Spring Boot 3.3.0 |
CVE-2024-38807, CVE-2025-22235 |
|
|
Spring Framework 6.2.0 |
CVE-2024-38820, CVE-2025-22233 |
|
|
Spring Security 6.3.0 |
CVE-2024-38810 |
|
|
OS Update: |
CVE-2025-5278 |
|
|
coreutils 8.32-150400.9.9.1 |
CVE-2025-5278 |
|
|
java-17-openjdk-headless 17.0.16.0-150400.3.57.1 |
CVE-2025-30749, CVE-2025-30754, CVE-2025-50059, CVE-2025-50106 |
|
|
sudo-plugin-python 1.9.9-150400.4.39.1 |
CVE-2025-32462 |
|
|
sudo 1.9.9-150400.4.39.1 |
CVE-2025-32462 |
|
|
libgnutls30-hmac 3.7.3-150400.4.50.1 |
CVE-2024-12243, CVE-2025-32988, CVE-2025-32989, CVE-2025-32990, CVE-2025-6395 |
|
|
libgnutls30 3.7.3-150400.4.50.1 |
CVE-2024-12243, CVE-2025-32988, CVE-2025-32989, CVE-2025-32990, CVE-2025-6395 |
|
|
boost-license1_66_0 1.66.0-150200.12.7.1 |
CVE-2016-9840 |
|
|
libboost_system1_66_0 1.66.0-150200.12.7.1 |
CVE-2016-9840 |
|
|
libboost_thread1_66_0 1.66.0-150200.12.7.1 |
CVE-2016-9840 |
|
|
kernel-default 5.14.21-150400.24.170.2 |
CVE-2021-47557, CVE-2021-47595, CVE-2022-49110, CVE-2022-49139, CVE-2022-49767, CVE-2022-49769, CVE-2022-49770, CVE-2022-49771, CVE-2022-49772, CVE-2022-49775, CVE-2022-49776, CVE-2022-49777, CVE-2022-49779, CVE-2022-49783, CVE-2022-49787, CVE-2022-49788, CVE-2022-49789, CVE-2022-49790, CVE-2022-49792, CVE-2022-49793, CVE-2022-49794, CVE-2022-49796, CVE-2022-49797, CVE-2022-49799, CVE-2022-49800, CVE-2022-49801, CVE-2022-49802, CVE-2022-49807, CVE-2022-49809, CVE-2022-49810, CVE-2022-49812, CVE-2022-49813, CVE-2022-49818, CVE-2022-49821, CVE-2022-49822, CVE-2022-49823, CVE-2022-49824, CVE-2022-49825, CVE-2022-49826, CVE-2022-49827, CVE-2022-49830, CVE-2022-49832, CVE-2022-49834, CVE-2022-49835, CVE-2022-49836, CVE-2022-49839, CVE-2022-49841, CVE-2022-49842, CVE-2022-49845, CVE-2022-49846, CVE-2022-49850, CVE-2022-49853, CVE-2022-49858, CVE-2022-49860, CVE-2022-49861, CVE-2022-49863, CVE-2022-49864, CVE-2022-49865, CVE-2022-49868, CVE-2022-49869, CVE-2022-49870, CVE-2022-49871, CVE-2022-49874, CVE-2022-49879, CVE-2022-49880, CVE-2022-49881, CVE-2022-49885, CVE-2022-49887, CVE-2022-49888, CVE-2022-49889, CVE-2022-49890, CVE-2022-49891, CVE-2022-49892, CVE-2022-49900, CVE-2022-49905, CVE-2022-49906, CVE-2022-49908, CVE-2022-49909, CVE-2022-49910, CVE-2022-49915, CVE-2022-49916, CVE-2022-49922, CVE-2022-49923, CVE-2022-49924, CVE-2022-49925, CVE-2022-49927, CVE-2022-49928, CVE-2022-49931, CVE-2022-49934, CVE-2022-49936, CVE-2022-49937, CVE-2022-49938, CVE-2022-49940, CVE-2022-49942, CVE-2022-49945, CVE-2022-49946, CVE-2022-49948, CVE-2022-49950, CVE-2022-49952, CVE-2022-49954, CVE-2022-49956, CVE-2022-49957, CVE-2022-49958, CVE-2022-49960, CVE-2022-49964, CVE-2022-49966, CVE-2022-49968, CVE-2022-49969, CVE-2022-49977, CVE-2022-49978, CVE-2022-49981, CVE-2022-49982, CVE-2022-49983, CVE-2022-49984, CVE-2022-49985, CVE-2022-49986, CVE-2022-49987, CVE-2022-49989, CVE-2022-49990, CVE-2022-49993, CVE-2022-49995, CVE-2022-49999, CVE-2022-50005, CVE-2022-50006, CVE-2022-50008, CVE-2022-50010, CVE-2022-50011, CVE-2022-50012, CVE-2022-50019, CVE-2022-50020, CVE-2022-50021, CVE-2022-50022, CVE-2022-50023, CVE-2022-50024, CVE-2022-50026, CVE-2022-50027, CVE-2022-50028, CVE-2022-50029, CVE-2022-50030, CVE-2022-50031, CVE-2022-50032, CVE-2022-50033, CVE-2022-50034, CVE-2022-50036, CVE-2022-50038, CVE-2022-50039, CVE-2022-50040, CVE-2022-50045, CVE-2022-50046, CVE-2022-50047, CVE-2022-50051, CVE-2022-50053, CVE-2022-50055, CVE-2022-50059, CVE-2022-50060, CVE-2022-50061, CVE-2022-50062, CVE-2022-50065, CVE-2022-50066, CVE-2022-50067, CVE-2022-50068, CVE-2022-50072, CVE-2022-50073, CVE-2022-50074, CVE-2022-50076, CVE-2022-50077, CVE-2022-50079, CVE-2022-50083, CVE-2022-50084, CVE-2022-50085, CVE-2022-50087, CVE-2022-50092, CVE-2022-50093, CVE-2022-50094, CVE-2022-50095, CVE-2022-50097, CVE-2022-50098, CVE-2022-50099, CVE-2022-50100, CVE-2022-50101, CVE-2022-50102, CVE-2022-50103, CVE-2022-50104, CVE-2022-50108, CVE-2022-50109, CVE-2022-50110, CVE-2022-50111, CVE-2022-50112, CVE-2022-50116, CVE-2022-50118, CVE-2022-50120, CVE-2022-50121, CVE-2022-50124, CVE-2022-50125, CVE-2022-50126, CVE-2022-50127, CVE-2022-50129, CVE-2022-50131, CVE-2022-50132, CVE-2022-50134, CVE-2022-50136, CVE-2022-50137, CVE-2022-50138, CVE-2022-50139, CVE-2022-50140, CVE-2022-50141, CVE-2022-50142, CVE-2022-50143, CVE-2022-50145, CVE-2022-50146, CVE-2022-50149, CVE-2022-50151, CVE-2022-50152, CVE-2022-50153, CVE-2022-50154, CVE-2022-50155, CVE-2022-50156, CVE-2022-50157, CVE-2022-50158, CVE-2022-50160, CVE-2022-50161, CVE-2022-50162, CVE-2022-50164, CVE-2022-50165, CVE-2022-50169, CVE-2022-50171, CVE-2022-50172, CVE-2022-50173, CVE-2022-50175, CVE-2022-50176, CVE-2022-50178, CVE-2022-50179, CVE-2022-50181, CVE-2022-50185, CVE-2022-50187, CVE-2022-50190, CVE-2022-50191, CVE-2022-50192, CVE-2022-50194, CVE-2022-50196, CVE-2022-50197, CVE-2022-50198, CVE-2022-50199, CVE-2022-50200, CVE-2022-50201, CVE-2022-50202, CVE-2022-50203, CVE-2022-50204, CVE-2022-50206, CVE-2022-50207, CVE-2022-50208, CVE-2022-50209, CVE-2022-50211, CVE-2022-50212, CVE-2022-50213, CVE-2022-50215, CVE-2022-50218, CVE-2022-50220, CVE-2022-50222, CVE-2022-50226, CVE-2022-50228, CVE-2022-50229, CVE-2022-50231, CVE-2023-52924, CVE-2023-52925, CVE-2023-53035, CVE-2023-53038, CVE-2023-53039, CVE-2023-53040, CVE-2023-53041, CVE-2023-53044, CVE-2023-53045, CVE-2023-53048, CVE-2023-53049, CVE-2023-53051, CVE-2023-53052, CVE-2023-53054, CVE-2023-53056, CVE-2023-53058, CVE-2023-53059, CVE-2023-53060, CVE-2023-53062, CVE-2023-53064, CVE-2023-53065, CVE-2023-53066, CVE-2023-53068, CVE-2023-53075, CVE-2023-53076, CVE-2023-53077, CVE-2023-53078, CVE-2023-53079, CVE-2023-53081, CVE-2023-53084, CVE-2023-53087, CVE-2023-53089, CVE-2023-53090, CVE-2023-53091, CVE-2023-53092, CVE-2023-53093, CVE-2023-53096, CVE-2023-53097, CVE-2023-53098, CVE-2023-53099, CVE-2023-53100, CVE-2023-53101, CVE-2023-53106, CVE-2023-53108, CVE-2023-53111, CVE-2023-53114, CVE-2023-53116, CVE-2023-53118, CVE-2023-53119, CVE-2023-53123, CVE-2023-53124, CVE-2023-53125, CVE-2023-53131, CVE-2023-53134, CVE-2023-53137, CVE-2023-53139, CVE-2023-53140, CVE-2023-53142, CVE-2023-53143, CVE-2023-53145, CVE-2024-26808, CVE-2024-26924, CVE-2024-26935, CVE-2024-27397, CVE-2024-35840, CVE-2024-36978, CVE-2024-46800, CVE-2024-53057, CVE-2024-53125, CVE-2024-53141, CVE-2024-53168, CVE-2024-56558, CVE-2024-56770, CVE-2024-57947, CVE-2024-57999, CVE-2025-21700, CVE-2025-21702, CVE-2025-21703, CVE-2025-21756, CVE-2025-21888, CVE-2025-21999, CVE-2025-22056, CVE-2025-22060, CVE-2025-23138, CVE-2025-23141, CVE-2025-23145, CVE-2025-37752, CVE-2025-37785, CVE-2025-37789, CVE-2025-37797, CVE-2025-37798, CVE-2025-37823, CVE-2025-37890, CVE-2025-37932, CVE-2025-37948, CVE-2025-37953, CVE-2025-37963, CVE-2025-37997, CVE-2025-38000, CVE-2025-38001, CVE-2025-38014, CVE-2025-38083 |
|
|
libsystemd0 249.17-150400.8.49.2 |
CVE-2025-4598 |
|
|
libudev1 249.17-150400.8.49.2 |
CVE-2025-4598 |
|
|
systemd-coredump 249.17-150400.8.49.2 |
CVE-2025-4598 |
|
|
systemd-lang 249.17-150400.8.49.2 |
CVE-2025-4598 |
|
|
systemd-sysvinit 249.17-150400.8.49.2 |
CVE-2025-4598 |
|
|
pam-config 1.1-150200.3.14.1 |
CVE-2025-6018 |
|
|
libgcrypt20-hmac 1.9.4-150400.6.11.1 |
CVE-2024-2236 |
|
|
libgcrypt20 1.9.4-150400.6.11.1 |
CVE-2024-2236 |
|
|
pam 1.3.0-150000.6.83.1 |
CVE-2024-10041, CVE-2025-6018 |
|
|
xen-libs 4.16.7_02-150400.4.72.1 |
CVE-2024-28956, CVE-2024-36350, CVE-2024-36357, CVE-2025-1713, CVE-2025-27465 |
|
|
python3-urllib3 1.25.10-150300.4.15.1 |
CVE-2024-37891 |
|
|
libvmtools0 13.0.0-150300.61.1 |
CVE-2025-22247 |
|
|
open-vm-tools 13.0.0-150300.61.1 |
CVE-2025-22247 |
|
|
vim-data-common 9.1.1406-150000.5.75.1 |
CVE-2024-41965, CVE-2025-29768 |
|
|
vim-data 9.1.1406-150000.5.75.1 |
CVE-2024-41965, CVE-2025-29768 |
|
|
vim 9.1.1406-150000.5.75.1 |
CVE-2024-41965, CVE-2025-29768 |
|
|
xxd 9.1.1406-150000.5.75.1 |
CVE-2024-41965, CVE-2025-29768 |
|
|
libssh-config 0.9.8-150400.3.9.1 |
CVE-2025-4877, CVE-2025-4878, CVE-2025-5318, CVE-2025-5372 |
|
|
libssh4 0.9.8-150400.3.9.1 |
CVE-2025-4877, CVE-2025-4878, CVE-2025-5318, CVE-2025-5372 |
|
|
libpolkit0 0.116-150200.3.15.1 |
CVE-2025-7519 |
|
|
libsqlite3-0 3.50.2-150000.3.33.1 |
CVE-2025-29087, CVE-2025-29088, CVE-2025-3277, CVE-2025-6965 |
|
|
sqlite3-tcl 3.50.2-150000.3.33.1 |
CVE-2025-29087, CVE-2025-29088, CVE-2025-3277, CVE-2025-6965 |
|
|
docker-rootless-extras 28.2.2_ce-150000.227.1 |
CVE-2025-0495, CVE-2025-22872 |
|
|
docker 28.2.2_ce-150000.227.1 |
CVE-2025-0495, CVE-2025-22872 |
|
|
libxml2-2 2.9.14-150400.5.47.1 |
CVE-2025-32414, CVE-2025-32415, CVE-2025-49794, CVE-2025-49796, CVE-2025-6021, CVE-2025-6170, CVE-2025-7425 |
|
|
libxml2-tools 2.9.14-150400.5.47.1 |
CVE-2025-32414, CVE-2025-32415, CVE-2025-49794, CVE-2025-49796, CVE-2025-6021, CVE-2025-6170, CVE-2025-7425 |
|
|
libicu-suse65_1 65.1-150200.4.15.1 |
CVE-2025-5222 |
|
|
libicu65_1-ledata 65.1-150200.4.15.1 |
CVE-2025-5222 |
|
|
python3-requests 2.25.1-150300.3.18.1 |
CVE-2024-47081 |
|
Proprietary Code CVEs |
Description |
CVSS Base Score |
CVSS Vector String |
|---|---|---|---|
|
CVE-2025-43888 |
Dell PowerProtect Data Manager, Hyper-V, version(s) 19.19 and 19.20, contain(s) an Insertion of Sensitive Information into Log File vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Unauthorized access. |
8.8 |
|
|
CVE-2025-43884 |
Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution. |
8.2 |
|
|
CVE-2025-43885 |
Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution. |
7.8 |
|
|
CVE-2025-43725 |
Dell PowerProtect Data Manager, Generic Application Agent, version(s) 19.19 and 19.20, contain(s) an Incorrect Default Permissions vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution. |
7.8 |
|
|
CVE-2025-43887 |
Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) an Incorrect Default Permissions vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges. |
7.0 |
|
|
|
Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) a Plaintext Storage of a Password vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to gain unauthorized access with privileges of the compromised account. |
5.0 |
|
|
CVE-2025-43886 |
Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) a Path Traversal: '.../...//' vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Filesystem access for attacker. |
4.4 |
|
Proprietary Code CVEs |
Description |
CVSS Base Score |
CVSS Vector String |
|---|---|---|---|
|
CVE-2025-43888 |
Dell PowerProtect Data Manager, Hyper-V, version(s) 19.19 and 19.20, contain(s) an Insertion of Sensitive Information into Log File vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Unauthorized access. |
8.8 |
|
|
CVE-2025-43884 |
Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution. |
8.2 |
|
|
CVE-2025-43885 |
Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution. |
7.8 |
|
|
CVE-2025-43725 |
Dell PowerProtect Data Manager, Generic Application Agent, version(s) 19.19 and 19.20, contain(s) an Incorrect Default Permissions vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution. |
7.8 |
|
|
CVE-2025-43887 |
Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) an Incorrect Default Permissions vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges. |
7.0 |
|
|
|
Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) a Plaintext Storage of a Password vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to gain unauthorized access with privileges of the compromised account. |
5.0 |
|
|
CVE-2025-43886 |
Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) a Path Traversal: '.../...//' vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Filesystem access for attacker. |
4.4 |
受影響的產品與補救措施
|
Product |
Software/Firmware |
Affected Versions |
Remediated Versions |
Link |
|---|---|---|---|---|
|
Dell PowerProtect Data Manager |
PowerProtect Data Manager 19.21.0-11 |
Versions prior to 19.21 |
Version 19.21 build 11 or later |
PowerProtect Data Manager (PPDM) Version 19.21 | Drivers & Downloads |
|
Product |
Software/Firmware |
Affected Versions |
Remediated Versions |
Link |
|---|---|---|---|---|
|
Dell PowerProtect Data Manager |
PowerProtect Data Manager 19.21.0-11 |
Versions prior to 19.21 |
Version 19.21 build 11 or later |
PowerProtect Data Manager (PPDM) Version 19.21 | Drivers & Downloads |
修訂歷史記錄
|
Revision |
Date |
Description |
|---|---|---|
|
1.0 |
2025-09-09 |
Initial Release |
|
2.0 |
2025-09-09 |
Updated for enhanced presentation with no changes to content |
相關資訊
法律免責聲明
受影響的產品
PowerProtect Data Manager Appliance, PowerProtect Data Manager, PowerProtect Data Manager Essentials, PowerProtect DM5500文章屬性
文章編號: 000367456
文章類型: Dell Security Advisory
上次修改時間: 10 9月 2025
向其他 Dell 使用者尋求您問題的答案
支援服務
檢查您的裝置是否在支援服務的涵蓋範圍內。