CVE-2025-22395

Dell Update Package Framework, versions prior to 22.01.02, contain(s) a Local Privilege Escalation Vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary remote scripts on the server. Exploitation may lead to a denial of service by an attacker.

CVSS v3 8.2 HIGH

8.2^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.5 / Impact : 6.0

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://www.dell.com/support/kbdoc/en-us/000269079/dsa-2025-034-security-update-for-dell-update-package-dup-framework-vulnerability	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:dell:update_package_framework:*:*:*:*:*:*:*:*

History

04 Feb 2025, 15:49

Type	Values Removed	Values Added
References	~~() https://www.dell.com/support/kbdoc/en-us/000269079/dsa-2025-034-security-update-for-dell-update-package-dup-framework-vulnerability -~~	() https://www.dell.com/support/kbdoc/en-us/000269079/dsa-2025-034-security-update-for-dell-update-package-dup-framework-vulnerability - Vendor Advisory
CPE		cpe:2.3:a:dell:update_package_framework::::::::
First Time		Dell update Package Framework Dell
Summary		(es) Dell Update Package Framework, versiones anteriores a la 22.01.02, contiene una vulnerabilidad de escalada de privilegios locales. Un atacante local con poco nivel de privilegios podría aprovechar esta vulnerabilidad, lo que provocaría la ejecución de scripts remotos arbitrarios en el servidor. La explotación puede provocar una denegación de servicio por parte de un atacante.
CWE		NVD-CWE-noinfo

07 Jan 2025, 03:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-01-07 03:15

Updated : 2025-02-04 15:49

NVD link : CVE-2025-22395

Mitre link : CVE-2025-22395

CVE.ORG link : CVE-2025-22395

JSON object : View

Products Affected

dell

update_package_framework

CWE

CWE-280

Improper Handling of Insufficient Permissions or Privileges

NVD-CWE-noinfo

{"id": "CVE-2025-22395", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security_alert@emc.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.2, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 1.5}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2025-01-07T03:15:06.047", "references": [{"url": "https://www.dell.com/support/kbdoc/en-us/000269079/dsa-2025-034-security-update-for-dell-update-package-dup-framework-vulnerability", "tags": ["Vendor Advisory"], "source": "security_alert@emc.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "security_alert@emc.com", "description": [{"lang": "en", "value": "CWE-280"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Dell Update Package Framework, versions prior to 22.01.02, contain(s) a Local Privilege Escalation Vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary remote scripts on the server. Exploitation may lead to a denial of service by an attacker."}, {"lang": "es", "value": "Dell Update Package Framework, versiones anteriores a la 22.01.02, contiene una vulnerabilidad de escalada de privilegios locales. Un atacante local con poco nivel de privilegios podr\u00eda aprovechar esta vulnerabilidad, lo que provocar\u00eda la ejecuci\u00f3n de scripts remotos arbitrarios en el servidor. La explotaci\u00f3n puede provocar una denegaci\u00f3n de servicio por parte de un atacante."}], "lastModified": "2025-02-04T15:49:52.617", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:dell:update_package_framework:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D60A8235-9077-47AB-943B-BB923F803750", "versionEndExcluding": "22.01.02"}], "operator": "OR"}]}], "sourceIdentifier": "security_alert@emc.com"}