Dell PowerProtect Data Manager Flaw Allows System Compromise by Attackers
Dell has released a critical security update for its PowerProtect Data Manager (PPDM) platform, addressing multiple vulnerabilities that could allow attackers to compromise systems and execute arbitrary commands.
The security advisory DSA-2025-326 reveals several high-severity flaws affecting versions 19.19 and 19.20 of the enterprise data protection solution.
Critical Command Injection Vulnerabilities Discovered
The most severe vulnerabilities include two command injection flaws tracked as CVE-2025-43884 and CVE-2025-43885.
CVE-2025-43884 carries a CVSS score of 8.2 and requires high-privileged local access, while CVE-2025-43885 has a CVSS score of 7.8 and only requires low-privileged access to exploit.
Both vulnerabilities affect the Hyper-V component and involve improper neutralization of special elements used in OS commands, potentially allowing attackers to execute malicious commands on compromised systems.
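The weakness class named here (improper neutralization of special elements in OS commands, CWE-78) arises when untrusted input is spliced into a shell command line. The following added example is not Dell's code and says nothing about how the PPDM Hyper-V component is implemented; it is a generic illustration of the anti-pattern beside the hardened form a defender would want: validate the input against a strict allow-list, then pass it as a separate argv element with no shell involved. The hostname pattern and the `ping` command are assumptions chosen for illustration.

```python
import re
import shlex
import subprocess
from typing import List

# Conservative allow-list for a hostname argument (RFC 1123-style labels).
# Constructed for this example; tighten or loosen to match the real field.
_HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)(?!-)[A-Za-z0-9-]{1,63}(?<!-)"
    r"(\.(?!-)[A-Za-z0-9-]{1,63}(?<!-))*$"
)


def build_command_unsafe(host: str) -> str:
    """The anti-pattern: interpolating untrusted input into a shell string.
    Any shell metacharacter in `host` is interpreted by the shell. Returned
    as a string purely so it can be inspected; it is never executed here."""
    return f"ping -c 1 {host}"


def validate_hostname(host: str) -> str:
    """Allow-list validation: reject anything that is not a plain hostname."""
    if not _HOSTNAME_RE.match(host):
        raise ValueError(f"rejected hostname: {host!r}")
    return host


def build_command_safe(host: str) -> List[str]:
    """Validate, then build an argv list. With shell=False each element is
    passed to the program verbatim, so special characters carry no meaning."""
    return ["ping", "-c", "1", validate_hostname(host)]


def quote_for_shell(host: str) -> str:
    """Fallback when a shell is unavoidable (e.g. a remote command string):
    validate first, then quote, so the value is a single shell word."""
    return shlex.quote(validate_hostname(host))


def run_safe(host: str) -> int:
    """Execute the hardened form and return the process exit code."""
    return subprocess.run(build_command_safe(host), shell=False, check=False).returncode


def has_shell_metacharacters(command_line: str) -> bool:
    """Detection helper for reviewing log entries or audit trails: flags a
    command line that contains characters a shell would treat specially."""
    return bool(re.search(r"[;&|`$<>\n]", command_line))
```

Reviewing `build_command_unsafe("host.example.com; echo injected")` shows the problem: the semicolon survives into the command line, and a shell would treat what follows as a second command. The hardened `build_command_safe` raises on the same input before anything runs, and even if validation were loosened, `shell=False` means the argument is never parsed as shell syntax.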
Another concerning flaw is CVE-2025-43888, which carries the highest CVSS score of 8.8. This vulnerability involves the insertion of sensitive information into log files, enabling low-privileged attackers with local access to gain unauthorized access to critical system data.
The flaw affects the Hyper-V component of PowerProtect Data Manager and could expose confidential information that attackers might leverage for further system compromise.
Dell’s security advisory also identifies CVE-2025-43725, affecting the Generic Application Agent with a CVSS score of 7.8.
This vulnerability stems from incorrect default permissions that could allow low-privileged attackers to execute malicious code.
Similarly, CVE-2025-43887 presents an elevation of privileges risk with a CVSS score of 7.0, enabling attackers to gain higher system access levels than intended.
The advisory reveals additional vulnerabilities including a plaintext password storage issue (CVSS 5.0) and a path traversal flaw CVE-2025-43886 (CVSS 4.4).
The plaintext storage vulnerability could expose user credentials to high-privileged attackers, while the path traversal flaw might grant unauthorized filesystem access.
Beyond proprietary code vulnerabilities, Dell’s update addresses numerous third-party component flaws affecting Apache Tomcat, Spring Framework, Java OpenJDK, and various system libraries.
These include vulnerabilities in Apache Commons BeanUtils, Apache CXF, Logback, Netty Project, and multiple kernel components that could provide additional attack vectors for malicious actors.
Dell strongly recommends immediate upgrading to PowerProtect Data Manager version 19.21 build 11 or later to address all identified vulnerabilities.
Organizations using affected versions should prioritize this update given the severity of the command injection and information disclosure risks that could lead to complete system compromise.
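A practical first step for operations teams is an inventory check that compares each deployment's reported version against the advisory. The added example below is not Dell's tooling; it parses version strings such as "19.20" or "19.21 build 11" into comparable tuples and classifies them against the affected versions (19.19, 19.20) and the fixed version (19.21 build 11) stated in this article. The version-string format and the assumption that a missing build number means build 0 are constructed for the example; anything that is neither listed as affected nor at the fixed version is flagged for review rather than silently passed.

```python
import re
from typing import NamedTuple


class PpdmVersion(NamedTuple):
    major: int
    minor: int
    build: int  # 0 when the reported string carries no build number (assumption)


# Accepts "19.20", "19.21 build 11", "19.21.0 Build 11"; the optional third
# numeric component is ignored for the comparison. Format is an assumption.
_VERSION_RE = re.compile(
    r"^\s*(\d+)\.(\d+)(?:\.(\d+))?(?:\s*(?:build|b)\s*(\d+))?\s*$",
    re.IGNORECASE,
)

# Values as reported in the article's summary of DSA-2025-326.
AFFECTED_FAMILIES = {(19, 19), (19, 20)}
FIXED_VERSION = PpdmVersion(19, 21, 11)  # "19.21 build 11 or later"


def parse_version(text: str) -> PpdmVersion:
    """Parse a PPDM version string into an integer tuple.

    Integer fields matter: a naive string comparison would rank "19.9"
    above "19.21" because '9' sorts after '2'."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, _patch, build = m.groups()
    return PpdmVersion(int(major), int(minor), int(build) if build else 0)


def is_listed_affected(v: PpdmVersion) -> bool:
    """True when the major.minor family is one the advisory lists as affected."""
    return (v.major, v.minor) in AFFECTED_FAMILIES


def meets_fixed_version(v: PpdmVersion) -> bool:
    """True when at or above 19.21 build 11 (tuple comparison: major, minor, build)."""
    return v >= FIXED_VERSION


def assess(text: str) -> str:
    """Classify one deployment's reported version string."""
    v = parse_version(text)
    if is_listed_affected(v):
        return "AFFECTED: upgrade to 19.21 build 11 or later"
    if meets_fixed_version(v):
        return "OK: at or above the fixed version"
    return "REVIEW: not in the listed affected versions but below the fixed version; consult the advisory"


def assess_inventory(versions: dict) -> dict:
    """Map host name -> reported version string to host name -> assessment."""
    return {host: assess(ver) for host, ver in versions.items()}


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    sample = {
        "ppdm-prod-01": "19.20",
        "ppdm-prod-02": "19.21 build 11",
        "ppdm-lab-01": "19.21 build 10",
    }
    for host, verdict in assess_inventory(sample).items():
        print(f"{host}: {verdict}")
```

The three-way result is deliberate: a deployment on 19.21 with a build below 11 is not in the article's affected list, but it is also below the stated fix, so the script refuses to call it clean and asks the operator to check the advisory rather than guessing.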