PT-2025-37068 · Dell · Dell Powerprotect Data Manager
Published
2025-04-18
·
Updated
2025-10-20
·
CVE-2025-43885
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions:
Dell PowerProtect Data Manager versions 19.19 and 19.20
Description:
Dell PowerProtect Data Manager, running on Hyper-V, contains an Improper Neutralization of Special Elements used in an OS Command vulnerability, also known as OS Command Injection. A local attacker with low privileges could potentially execute commands on the system.
Recommendations:
For Dell PowerProtect Data Manager version 19.19, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
For Dell PowerProtect Data Manager version 19.20, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
OS Command Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Dell Powerprotect Data Manager