Dell Technologies has issued a security advisory (DSA-2025-047) to address a vulnerability in the Dell Update Manager Plugin (UMP) that could expose sensitive data to malicious actors.
The flaw, identified as CVE-2025-22402, is categorized as a low-risk issue but requires immediate attention and remediation for affected users.
The vulnerability has been classified as Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS).
.png
)
Using this security loophole, a low-privileged attacker with remote access could exploit the affected system to trigger unintended actions, potentially leading to information exposure and system compromise.
The vulnerability has been rated with a CVSS Base Score of 2.6 (low) and has the vector string: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N.
Vulnerability Details
Dell Update Manager Plugin (UMP) versions 1.5.0 through 1.6.0 are affected. The issue arises due to improper handling and sanitization of user inputs in the plugin. This allows malicious actors to inject harmful scripts into web interfaces.
Affected Versions:
- Dell Update Manager Plugin versions 1.5.0 through 1.6.0
Dell advises customers to update immediately to Version 1.7.0, which includes security patches to address this vulnerability. The updated software can be downloaded from Dell’s official website.
Dell recommends applying input sanitization techniques to prevent exploitation of user inputs. However, upgrading to version 1.7.0 remains the most effective solution.
Dell Technologies emphasizes that the impact of this vulnerability may vary depending on the system and its configuration.
Users are strongly encouraged to determine applicability to their specific environment and apply the recommended remediation promptly.
For full details, refer to the Dell OpenManage Enterprise Update Manager v1.7 documentation on Dell’s official website.
Dell further notes that no action is necessary if version 1.7.0 is already installed. Customers are encouraged to remain vigilant about applying any subsequent updates to stay protected against emerging threats.
Investigate Real-World Malicious Links & Phishing Attacks With Threat Intelligence Lookup - Try for Free
 to address a vulnerability in the Dell Update Manager Plugin (UMP).){kind=link}