OS Command Injection Vulnerability in Dell PowerProtect Data Manager
CVE-2025-43884

8.2HIGH

Key Information:

Vendor: Dell
Status: Powerprotect Data Manager
Vendor: CVE Published:; 10 September 2025

What is CVE-2025-43884?

Dell PowerProtect Data Manager versions 19.19 and 19.20 are impacted by a vulnerability that allows a high-privileged attacker with local access to execute arbitrary commands. This issue arises from an improper neutralization of special elements in the operating system command interface, opening the door for potential exploitation. Users of affected versions are urged to implement necessary security measures to mitigate risks associated with this vulnerability.

Affected Version(s)

PowerProtect Data Manager < 19.21 build 11

References

https://www.dell.com/support/kbdoc/en-us/000367456/dsa-20...

vendor-advisory

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 10, 2025
Vulnerability Reserved
Apr 18, 2025