Plaintext Password Storage Vulnerability in Dell PowerProtect Data Manager
CVE-2025-43938

5MEDIUM

Key Information:

Vendor: Dell
Status: Powerprotect Data Manager
Vendor: CVE Published:; 10 September 2025

What is CVE-2025-43938?

A significant security concern has been identified in Dell PowerProtect Data Manager versions 19.19 and 19.20 concerning the storage of passwords in plaintext. This issue allows a high privileged attacker with local access to potentially expose user credentials. The compromised credentials can be used to gain unauthorized access, posing severe risks to data integrity and security. Organizations using affected versions should apply available updates promptly to mitigate potential threats.

Affected Version(s)

PowerProtect Data Manager < 19.21 build 11

References

https://www.dell.com/support/kbdoc/en-us/000367456/dsa-20...

vendor-advisory

CVSS V3.1

Score:

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 10, 2025
Vulnerability Reserved
Apr 20, 2025