Powerprotect Data Manager
CVE-2025-23375
HIGH
Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
Dell PowerProtect Data Manager Reporting, version(s) 19.17, contain(s) an Incorrect Use of Privileged APIs vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.
AnalysisAI
Dell PowerProtect Data Manager Reporting, version(s) 19.17, contain(s) an Incorrect Use of Privileged APIs vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-648. Dell PowerProtect Data Manager Reporting, version(s) 19.17, contain(s) an Incorrect Use of Privileged APIs vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges. Affected products include: Dell Powerprotect Data Manager.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Powerprotect Data Manager
View allDell PowerProtect Data Manager, Hyper-V, version(s) 19.19 and 19.20, contain(s) an Insertion of Sensitive Information in
Dell PowerProtect Data Manager, version 19.15 and prior versions, contain a weak password recovery mechanism for forgott
Dell PPDM versions 19.12, 19.11 and 19.10, contain an improper access control vulnerability. Rated high severity (CVSS 8
Dell PowerProtect Data Manager versions prior to 19.22 contain an incorrect privilege assignment flaw that allows remote
Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) an Improper Neutralization of Special Ele
Dell PowerProtect Data Manager, version 19.15 and prior versions, contain an OS command injection vulnerability. Rated h
Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) an Incorrect Default Permissions vulnerab
Dell PowerProtect Data Manager, version 19.15, contains an XML External Entity Injection vulnerability. Rated medium sev
Dell PowerProtect Data Manager (PPDM) versions prior to 19.4 and Dell PowerProtect X400 versions prior to 3.2 contain an
Dell PowerProtect Data Manager versions prior to 19.22 contain a privilege assignment flaw that allows low-privileged re
Dell PowerProtect Data Manager versions prior to 19.22 contain improper verification of REST API communication channels
Dell PowerProtect Data Manager versions prior to 19.22 contain improper verification of communication channels in the RE
Same weakness CWE-648 – Incorrect Use of Privileged APIs
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today