PT-2025-4488 · Dell · Dell Update Package (Dup) Framework

Published: 2025-01-07 · Updated: 2025-01-16 · CVE-2025-22395

CVSS v3.1: 8.2 (High)

Vector: AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Dell Update Package Framework versions prior to 22.01.02

Description

A local low-privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary remote scripts on the server. Exploitation may lead to a denial of service by an attacker. This issue allows for local privilege escalation.

Recommendations

For Dell Update Package Framework versions prior to 22.01.02, update to version 22.01.02 or later to resolve the issue. As a temporary workaround, consider restricting access to the server to minimize the risk of exploitation. Avoid executing arbitrary remote scripts on the server until the issue is resolved.

Fix

LPE

Weakness Enumeration

Related Identifiers

CVE-2025-22395

Affected Products

Dell Update Package (Dup) Framework