Vulnerability Details CVE-2025-43885
Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 22.1%
CVSS Severity
CVSS v3 Score 7.8
Products affected by CVE-2025-43885
-
cpe:2.3:a:dell:powerprotect_data_manager:-
-
cpe:2.3:a:dell:powerprotect_data_manager:1.0
-
cpe:2.3:a:dell:powerprotect_data_manager:1.1
-
cpe:2.3:a:dell:powerprotect_data_manager:19.1
-
cpe:2.3:a:dell:powerprotect_data_manager:19.10
-
cpe:2.3:a:dell:powerprotect_data_manager:19.11
-
cpe:2.3:a:dell:powerprotect_data_manager:19.12
-
cpe:2.3:a:dell:powerprotect_data_manager:19.13
-
cpe:2.3:a:dell:powerprotect_data_manager:19.14
-
cpe:2.3:a:dell:powerprotect_data_manager:19.15
-
cpe:2.3:a:dell:powerprotect_data_manager:19.16
-
cpe:2.3:a:dell:powerprotect_data_manager:19.17
-
cpe:2.3:a:dell:powerprotect_data_manager:19.18
-
cpe:2.3:a:dell:powerprotect_data_manager:19.2
-
cpe:2.3:a:dell:powerprotect_data_manager:19.3
-
cpe:2.3:a:dell:powerprotect_data_manager:19.4
-
cpe:2.3:a:dell:powerprotect_data_manager:19.5
-
cpe:2.3:a:dell:powerprotect_data_manager:19.6
-
cpe:2.3:a:dell:powerprotect_data_manager:19.7
-
cpe:2.3:a:dell:powerprotect_data_manager:19.8
-
cpe:2.3:a:dell:powerprotect_data_manager:19.9
-
cpe:2.3:a:dell:powerprotect_data_manager:2.0
-
cpe:2.3:a:dell:powerprotect_data_manager:2.1