CVE-2025-43725

7.8 HIGH

📋 TL;DR

Dell PowerProtect Data Manager Generic Application Agent versions 19.19 and 19.20 have incorrect default permissions that allow local low-privileged attackers to execute arbitrary code. This affects organizations using these specific versions of Dell's backup management software.

💻 Affected Systems

Products:
  • Dell PowerProtect Data Manager Generic Application Agent
Versions: 19.19 and 19.20
Operating Systems: Not specified in the advisory; likely the multiple operating systems PowerProtect supports
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects Generic Application Agent component within PowerProtect Data Manager deployments.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise through privilege escalation to administrator/root, allowing data theft, ransomware deployment, or persistent backdoor installation.

🟠 Likely Case

Local attacker gains elevated privileges on the affected system, potentially accessing sensitive backup data or disrupting backup operations.

🟢 If Mitigated

Attack contained to an isolated backup management system with limited lateral movement potential due to network segmentation.

🌐 Internet-Facing: LOW - Requires local access to exploit, not directly exploitable over network.
🏢 Internal Only: HIGH - Local attackers (including compromised accounts or malicious insiders) can exploit this for privilege escalation.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Requires local access and low-privileged credentials. No public exploit details available at time of analysis.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Update to the fixed version beyond 19.20 specified in the Dell advisory

Vendor Advisory: https://www.dell.com/support/kbdoc/en-us/000367456/dsa-2025-326-security-update-for-dell-powerprotect-data-manager-multiple-security-vulnerabilities

Restart Required: Yes

Instructions:

1. Review Dell advisory DSA-2025-326.
2. Download the appropriate update from the Dell support portal.
3. Apply the update following Dell PowerProtect Data Manager update procedures.
4. Restart affected services/systems as required.

🔧 Temporary Workarounds

Restrict Local Access (applies to: all)

Limit local login access to PowerProtect systems to authorized administrators only.

Principle of Least Privilege (applies to: all)

Review and minimize local user privileges on affected systems.

🧯 If You Can't Patch

  • Isolate PowerProtect systems on dedicated VLAN with strict access controls
  • Implement application allowlisting to prevent unauthorized code execution

🔍 How to Verify

Check if Vulnerable:

Check the PowerProtect Data Manager version via the web interface or the CLI ('ppdmcli version' or equivalent); versions 19.19 and 19.20 are affected.

Check Version:

ppdmcli version (or check the web admin interface)

Verify Fix Applied:

Verify the installed version is beyond 19.20 and check the Dell advisory for the specific fixed version.
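The underlying weakness is incorrect default permissions: files or directories belonging to a privileged agent that a low-privileged local user can modify. The script below is an added example, not Dell's tooling and not a detector for this specific CVE; it audits an install tree on a POSIX host (Windows ACLs are not represented by these mode bits) and reports world-writable entries and setuid/setgid files that are group- or world-writable, which is the generic check a defender runs to confirm whether an agent install is exposed to this class of problem. AGENT_INSTALL_DIR is a placeholder assumption, and the demo tree the script falls back to is constructed sample data.

```python
#!/usr/bin/env python3
"""Audit an install tree for the 'incorrect default permissions' weakness class:
entries a low-privileged local user could write although a privileged service
reads or executes them. Added example; not vendor tooling."""
import os
import stat
import tempfile

# Placeholder assumption: substitute the real agent install directory on your host.
AGENT_INSTALL_DIR = "/opt/EXAMPLE_AGENT_PATH"


def classify_entry(st):
    """Return the reasons an entry's mode bits are risky, or [] if it looks fine."""
    mode = stat.S_IMODE(st.st_mode)
    reasons = []
    is_dir = stat.S_ISDIR(st.st_mode)
    if mode & stat.S_IWOTH:
        # A sticky world-writable directory (/tmp style) lets others create files
        # but not delete or rename each other's, so it is not flagged here.
        if not (is_dir and (mode & stat.S_ISVTX)):
            reasons.append("world-writable")
    if (mode & (stat.S_ISUID | stat.S_ISGID)) and (mode & (stat.S_IWGRP | stat.S_IWOTH)):
        reasons.append("setuid/setgid and group- or world-writable")
    return reasons


def find_weak_permissions(root):
    """Walk root and return sorted (relative_path, octal_mode, reasons) tuples
    for every risky entry. Symlinks are skipped: their own mode bits mean nothing,
    and the link target is inspected when the walk reaches it."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue  # vanished or unreadable; not something we can judge
            if stat.S_ISLNK(st.st_mode):
                continue
            reasons = classify_entry(st)
            if reasons:
                rel = os.path.relpath(path, root)
                findings.append((rel, oct(stat.S_IMODE(st.st_mode)), reasons))
    return sorted(findings)


def build_demo_tree():
    """Constructed sample data, not a real install: one safe config file,
    one world-writable config file and one world-writable bin directory."""
    root = tempfile.mkdtemp(prefix="perm-audit-demo-")
    os.makedirs(os.path.join(root, "bin"))
    os.makedirs(os.path.join(root, "etc"))
    safe = os.path.join(root, "etc", "agent.conf")
    weak_file = os.path.join(root, "etc", "plugin.conf")
    for p in (safe, weak_file):
        with open(p, "w") as f:
            f.write("demo=1\n")
    # Modes are set explicitly so the process umask does not affect the demo.
    os.chmod(os.path.join(root, "etc"), 0o755)
    os.chmod(safe, 0o644)
    os.chmod(weak_file, 0o666)
    os.chmod(os.path.join(root, "bin"), 0o777)
    return root


if __name__ == "__main__":
    target = AGENT_INSTALL_DIR if os.path.isdir(AGENT_INSTALL_DIR) else build_demo_tree()
    print(f"auditing {target}")
    for rel, mode, reasons in find_weak_permissions(target):
        print(f"{mode} {rel}: {', '.join(reasons)}")
```

Run it as the service account or root so every entry is readable; a clean result only says no entry under that tree is writable by others, so it complements the version check above rather than replacing it.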

📡 Detection & Monitoring

Log Indicators:

  • Unusual local privilege escalation attempts
  • Suspicious process execution from low-privileged accounts
  • Unauthorized file permission changes

Network Indicators:

  • Unusual outbound connections from PowerProtect systems

SIEM Query (pseudo-query; map the field names to your SIEM's actual schema):

source="PowerProtect" AND (event_type="privilege_escalation" OR (event_type="process_execution" AND user_privilege="low"))
