CVE-2025-26335
📋 TL;DR
Dell PowerProtect Cyber Recovery versions before 19.18.0.2 expose sensitive information in sent data. A high-privileged remote attacker can exploit this to access confidential information. Organizations using affected versions of this cyber recovery solution are vulnerable.
💻 Affected Systems
- Dell PowerProtect Cyber Recovery
⚠️ Risk & Real-World Impact
Worst Case
Sensitive recovery data, credentials, or configuration details are exposed to attackers, potentially compromising the entire cyber recovery environment and enabling further attacks.
Likely Case
Exposure of internal system information, configuration details, or metadata that could aid attackers in reconnaissance or targeted attacks.
If Mitigated
Limited exposure of non-critical information with proper network segmentation and access controls in place.
🎯 Exploit Status
Exploitation requires high-privileged access, which reduces attack surface but increases impact if compromised.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 19.18.0.2 or later
Vendor Advisory: https://www.dell.com/support/kbdoc/en-us/000306005/dsa-2025-113-security-update-for-dell-powerprotect-cyber-recovery
Restart Required: Yes
Instructions:
1. Download Dell PowerProtect Cyber Recovery version 19.18.0.2 or later from the Dell support portal.
2. Back up the current configuration.
3. Apply the update following Dell's upgrade documentation.
4. Restart the system as required.
5. Verify the update was successful.
🔧 Temporary Workarounds
Network Segmentation
Restrict network access to PowerProtect Cyber Recovery systems to only necessary administrative networks.
Privilege Reduction
Implement least privilege access controls and regularly audit administrative accounts.
🧯 If You Can't Patch
- Implement strict network segmentation to isolate PowerProtect systems from untrusted networks
- Enhance monitoring and logging of all access to PowerProtect systems, particularly by high-privileged accounts
🔍 How to Verify
Check if Vulnerable:
Check the PowerProtect Cyber Recovery version via the management interface or CLI. If the version is below 19.18.0.2, the system is vulnerable.
Check Version:
Check via PowerProtect Cyber Recovery web interface or consult Dell documentation for specific CLI commands.
Verify Fix Applied:
After patching, verify the version shows 19.18.0.2 or higher in the management interface or via version check commands.
📡 Detection & Monitoring
Log Indicators:
- Unusual data export activities
- Suspicious access patterns by high-privileged accounts
- Large data transfers from PowerProtect systems
Network Indicators:
- Unexpected outbound traffic from PowerProtect systems containing sensitive data patterns
SIEM Query:
source="powerprotect*" AND (event_type="data_export" OR user_privilege="high") AND data_size>threshold
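The query above leaves `threshold` undefined. The following added example (not part of the original advisory and not Dell's code) applies the same filter to JSON events and derives the threshold per account from that account's own earlier transfers. The field names are taken from the query; that the product emits them, the JSON-lines format, the `user` field, the floor and the factor are all assumptions, and the sample events are constructed.

```python
import json
from collections import defaultdict
from statistics import median

# Constructed sample events. Field names follow the SIEM query above; they are
# assumptions, not a documented PowerProtect Cyber Recovery log schema.
SAMPLE_LOG = """\
{"source":"powerprotect-cr01","user":"cradmin","user_privilege":"high","event_type":"data_export","data_size":4000000}
{"source":"powerprotect-cr01","user":"cradmin","user_privilege":"high","event_type":"data_export","data_size":5000000}
{"source":"powerprotect-cr01","user":"cradmin","user_privilege":"high","event_type":"config_read","data_size":6000000}
{"source":"powerprotect-cr01","user":"cradmin","user_privilege":"high","event_type":"data_export","data_size":30000000}
not-json: truncated syslog line
{"source":"fileserver-02","user":"cradmin","user_privilege":"high","event_type":"data_export","data_size":800000000}
{"source":"powerprotect-cr01","user":"viewer1","user_privilege":"low","event_type":"login","data_size":700000000}
{"source":"powerprotect-cr01","user":"cradmin","user_privilege":"high","event_type":"data_export","data_size":900000000}
"""

FLOOR_BYTES = 10_000_000  # assumed absolute minimum worth alerting on
FACTOR = 10               # assumed multiple of the account's own median

def flag_transfers(log_text, floor=FLOOR_BYTES, factor=FACTOR):
    """Apply the query's filter with a per-account data_size threshold."""
    history = defaultdict(list)  # user -> sizes of earlier non-alerting events
    alerts = []
    for line in log_text.splitlines():
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # blank or malformed line
        if not isinstance(ev, dict) or not str(ev.get("source", "")).startswith("powerprotect"):
            continue  # source="powerprotect*"
        size = ev.get("data_size")
        if not isinstance(size, (int, float)):
            continue
        # (event_type="data_export" OR user_privilege="high")
        if ev.get("event_type") != "data_export" and ev.get("user_privilege") != "high":
            continue
        user = ev.get("user", "unknown")
        past = history[user]
        threshold = max(floor, factor * median(past)) if past else floor
        if size > threshold:
            alerts.append((user, size, threshold))
        else:
            past.append(size)  # only non-alerting events feed the baseline
    return alerts

if __name__ == "__main__":
    for user, size, threshold in flag_transfers(SAMPLE_LOG):
        print(f"ALERT user={user} data_size={size} threshold={threshold:.0f}")
```

Because alerting events are kept out of the baseline, a single large transfer cannot raise the account's own threshold for the transfers that follow it.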