CVE-2025-22395
8.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Summary
Dell Update Package Framework, versions prior to 22.01.02, contain(s) a Local Privilege Escalation Vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary remote scripts on the server. Exploitation may lead to a denial of service by an attacker.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Dell | Dell Update Package (DUP) Framework | N/A < 22.01.02 | affected |
Weaknesses
- CWE-280: CWE-280: Improper Handling of Insufficient Permissions or Privileges
Workarounds
Recommend users not to use Extract option in Microsoft Windows OS if the File Version of update package is less than 22.01.02. If it is less than 22.01.02 we suggest using extract option via command prompt.
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.