DSA-2025-373: Security Update for Dell Repository Manager Vulnerability

摘要: Dell Repository Manager remediation is available for Time-of-Check to Time-of-Use (TOCTOU) race condition that could be exploited by malicious users to compromise the affected system.

影響

詳細資料

受影響的產品與補救措施

因應措施與緩解措施

修訂歷史記錄

感謝

法律免責聲明

受影響的產品

提供意見反應

本文章適用於本文章不適用於本文無關於任何特定產品。本文未識別所有產品版本。

查看其他資源

影響

High

詳細資料

Proprietary Code CVEs	Description	CVSS Base Score	CVSS Vector String
CVE-2025-45376	Dell Repository Manager (DRM), versions 3.4.7 and 3.4.8, contains an Improper Handling of Insufficient Permissions or Privileges vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.	7.5	CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H

Proprietary Code CVEs	Description	CVSS Base Score	CVSS Vector String
CVE-2025-45376	Dell Repository Manager (DRM), versions 3.4.7 and 3.4.8, contains an Improper Handling of Insufficient Permissions or Privileges vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.	7.5	CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H

Dell Technologies 建議所有客戶不僅要參考 CVSS 基本分數，也要將可能會影響與特定安全漏洞相關之潛在嚴重性的所有相關暫時和環境分數納入考量。

受影響的產品與補救措施

Product	Affected Versions	Remediated Versions	Link
Dell Repository Manager	Versions 3.4.7 and 3.4.8	Version 3.4.9	https://www.dell.com/support/home/drivers/driversdetails?driverId=915XT

Product	Affected Versions	Remediated Versions	Link
Dell Repository Manager	Versions 3.4.7 and 3.4.8	Version 3.4.9	https://www.dell.com/support/home/drivers/driversdetails?driverId=915XT

No action required from the customer if DRM v3.4.9 is already installed by the customer. However, we recommend the workaround mentioned above.

因應措施與緩解措施

CVE ID	Workaround and Mitigation
CVE-2025-45376	Ensure there is no symbolic link to DRM working directory and its sub-directories.

修訂歷史記錄

Revision	Date	Description
1.0	2025-09-29	Initial Release

感謝

Dell would like to thank Ouallaout Noureddine for reporting this issue.

法律免責聲明

受影響的產品

Dell EMC Repository Manager - Current Versions

文章編號: 000375461

文章類型: Dell Security Advisory

上次修改時間: 29 9月 2025

檢查您的裝置是否在支援服務的涵蓋範圍內。

DSA-2025-373: Security Update for Dell Repository Manager Vulnerability

摘要: Dell Repository Manager remediation is available for Time-of-Check to Time-of-Use (TOCTOU) race condition that could be exploited by malicious users to compromise the affected system.

影響

詳細資料

受影響的產品與補救措施

因應措施與緩解措施

修訂歷史記錄

感謝

相關資訊

法律免責聲明

受影響的產品

影響

詳細資料

受影響的產品與補救措施

因應措施與緩解措施

修訂歷史記錄

感謝

相關資訊

法律免責聲明

受影響的產品

文章屬性

向其他 Dell 使用者尋求您問題的答案

支援服務

文章屬性

向其他 Dell 使用者尋求您問題的答案

支援服務

DSA-2025-373: Security Update for Dell Repository Manager Vulnerability

摘要: Dell Repository Manager remediation is available for Time-of-Check to Time-of-Use (TOCTOU) race condition that could be exploited by malicious users to compromise the affected system.

詳細文章

影響

詳細資料

受影響的產品與補救措施

因應措施與緩解措施

修訂歷史記錄

感謝

相關資訊

法律免責聲明

受影響的產品

文章屬性

向其他 Dell 使用者尋求您問題的答案

支援服務

文章屬性

向其他 Dell 使用者尋求您問題的答案

支援服務