Cyber Posture

CVE-2025-22475

Low

Published: 04 February 2025

Modified: 07 February 2025
KEV Added
Patch
CVSS Score: 3.7 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)
EPSS Score: 0.0018 (39.5th percentile)
Risk Priority: 8 (60% EPSS · 20% KEV · 20% CVSS)

Description

Dell PowerProtect DD, versions prior to DDOS 8.3.0.0, 7.10.1.50, and 7.13.1.10, contains a Use of a Cryptographic Primitive with a Risky Implementation vulnerability. A remote attacker could potentially exploit this vulnerability, leading to information tampering.

Security Summary

CVE-2025-22475 is a use of a Cryptographic Primitive with a Risky Implementation vulnerability, associated with CWE-1240 and CWE-327, affecting Dell PowerProtect DD systems. The vulnerability impacts versions prior to DDOS 8.3.0.0, 7.10.1.50, and 7.13.1.10.

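A remote attacker could potentially exploit this vulnerability over the network, with high attack complexity, no required privileges, and no user interaction. Successful exploitation could lead to information tampering. The CVSS v3.1 base score is 3.7 (AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N); note that this vector records the impact as low confidentiality (C:L) with no integrity impact (I:N), even though the description names information tampering.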

Dell's security advisory DSA-2025-022, available at https://www.dell.com/support/kbdoc/en-us/000279157/dsa-2025-022-security-update-for-dell-powerprotect-dd-multiple-vulnerabilities, details security updates for Dell PowerProtect DD that address this and other vulnerabilities, recommending upgrades to the specified fixed versions.

Details

CWE(s)
CWE-1240, CWE-327

Affected Products

dell
data domain operating system
7.10.1.0 — 7.10.1.50 · 7.13.1.0 — 7.13.1.10 · 7.14.0.0 — 8.3.0.0
