CVE-2025-22395

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Jan 7, 2025

Updated: Feb 4, 2025

CWE ID 280

Summary

CVE-2025-22395 is a Local Privilege Escalation vulnerability affecting the Dell Update Package Framework. Versions prior to 22.01.02 are vulnerable to this issue. A low-privileged attacker can potentially exploit this flaw, gaining the ability to execute arbitrary remote scripts on the server. The exploitation of this vulnerability may result in a denial of service for the affected system. It is strongly recommended that users update their Dell Update Package Framework to a secure version to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Dell Update Package Framework

Affected Vendors

Dell Technologies

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/2OxPOs
https://www.cve.org/CVERecord?id=CVE-2025-22395
https://nvd.nist.gov/vuln/detail/CVE-2025-22395

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

DRAT V2: Updated DRAT Emerges in TAG-140’s Arsenal

Threats to the 2025 NATO Summit

Artificial Eyes: Generative AI in China’s Military Intelligence

Know What Matters

For Customers

For Partners