Dell Technologies has issued a security advisory (DSA-2025-047) to address a vulnerability in the Dell Update Manager Plugin (UMP) that could expose sensitive data to malicious actors.
The flaw, identified as CVE-2025-22402, is categorized as a low-risk issue but requires immediate attention and remediation for affected users.
The vulnerability has been classified as Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS).
Using this security loophole, a low-privileged attacker with remote access could exploit the affected system to trigger unintended actions, potentially leading to information exposure and system compromise.
The vulnerability has been rated with a CVSS Base Score of 2.6 (low) and has the vector string: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N.
Dell Update Manager Plugin (UMP) versions 1.5.0 through 1.6.0 are affected. The issue arises due to improper handling and sanitization of user inputs in the plugin. This allows malicious actors to inject harmful scripts into web interfaces.
Affected Versions:
Dell advises customers to update immediately to Version 1.7.0, which includes security patches to address this vulnerability. The updated software can be downloaded from Dell’s official website.
Dell recommends applying input sanitization techniques to prevent exploitation of user inputs. However, upgrading to version 1.7.0 remains the most effective solution.
Dell Technologies emphasizes that the impact of this vulnerability may vary depending on the system and its configuration.
Users are strongly encouraged to determine applicability to their specific environment and apply the recommended remediation promptly.
For full details, refer to the Dell OpenManage Enterprise Update Manager v1.7 documentation on Dell’s official website.
Dell further notes that no action is necessary if version 1.7.0 is already installed. Customers are encouraged to remain vigilant about applying any subsequent updates to stay protected against emerging threats.
Investigate Real-World Malicious Links & Phishing Attacks With Threat Intelligence Lookup - Try for Free
Trend Micro, a cybersecurity firm, has released its 50th installment report on the Russian-speaking cybercriminal…
The Pakistan-linked Advanced Persistent Threat (APT) group known as SideCopy has significantly expanded its targeting…
Russian state-backed advanced persistent threat (APT) group Storm-2372 has exploited device code phishing to bypass…
Threat actors are exploiting weaknesses in SMS verification systems to generate massive, fraudulent message traffic,…
The cyber threat landscape has witnessed remarkable adaptation from the notorious hacker collective known as…
North Korean threat actors have demonstrated their adept use of social engineering techniques combined with…