CVE-2025-22475

CVSS 3.7 LOWEPSS 0.2%CWE-1240

In short

Dell PowerProtect DD uses a weak or risky way to encrypt data, which could allow an attacker to tamper with information sent over the network. This affects older versions of the software and could compromise data integrity.

Technical detail

The vulnerability stems from a risky cryptographic implementation (CWE-1240) in Dell PowerProtect DD versions before 8.3.0.0, 7.10.1.50, and 7.13.1.10. A remote attacker can exploit this to tamper with protected information, indicating insufficient cryptographic strength or validation mechanisms.

Summary generated and translated by AI from the official description.

Dell PowerProtect DD, versions prior to DDOS 8.3.0.0, 7.10.1.50, and 7.13.1.10 contains a use of a Cryptographic Primitive with a Risky Implementation vulnerability. A remote attacker could potentially exploit this vulnerability, leading to Information tampering.

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected products

Dell · PowerProtect DD

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.dell.com/support/kbdoc/en-us/000279157/dsa-2025-022-security-update-for-dell-powerprotect-dd-multiple-vulnerabilities