Tuesday, May 6, 2025
HomeCVE/vulnerabilityMultiple Flaws in Dell PowerProtect Allow System Compromise

Multiple Flaws in Dell PowerProtect Allow System Compromise

Published on

SIEM as a Service

Follow Us on Google News

Dell has released a Critical Security Update (DSA-2025-022) for its PowerProtect Data Domain (DD) systems to address multiple vulnerabilities that could allow attackers to compromise affected systems.

These vulnerabilities, identified in various components and open-source dependencies, highlight the importance of timely patching to safeguard enterprise data protection environments.

Impact of the Disclosed Vulnerabilities

The vulnerabilities include seven classified as “Critical” severity—CVE-2024-33871CVE-2024-41110CVE-2024-38428CVE-2024-24790CVE-2024-37371CVE-2024-24577, and CVE-2018-6913—which may allow escalation of privileges, unauthorized system access, denial of service, or sensitive data exfiltration. 

- Advertisement - Google News

Breakdown of Critical CVEs

  1. CVE-2024-33871: This vulnerability, found in Artifex Ghostscript, raises concerns over potential code execution risks. Exploitation could allow attackers to compromise the integrity of data and system security.
  2. CVE-2024-41110: A critical flaw in Docker could enable attackers to escape containerized environments, potentially gaining unauthorized access to host systems and modifying configurations.
  3. CVE-2024-38428: Located in GNU Wget, this vulnerability could be exploited to execute malicious scripts or compromise data downloads, posing a serious threat to the system.
  4. CVE-2024-24790: Found in the HTTP protocol library, this issue allows attackers to launch denial-of-service or man-in-the-middle attacks on the system.
  5. CVE-2024-37371: Within the Kerberos krb5 library, this flaw allows attackers to bypass authentication mechanisms, potentially compromising system access controls.
  6. CVE-2024-24577: A vulnerability in libgit2, this issue could lead to remote code execution or repository tampering.
  7. CVE-2018-6913: Related to Perl, this vulnerability impacts older dependencies still used in the ecosystem, exposing systems to arbitrary code execution risks.

Affected Products

The vulnerabilities impact multiple Dell PowerProtect DD systems. Organizations using these systems are urged to review Dell’s official advisory (DSA-2025-022) to identify specific affected models and implement the recommended patches.

Dell has released security patches to address these vulnerabilities. Administrators are advised to:

  • Immediately apply the corresponding updates from Dell’s official support portal.
  • Review their system environments for signs of exploitation.
  • Monitor vendor notifications for possible future updates.

The discovery of critical vulnerabilities in enterprise backup and recovery products like Dell PowerProtect DD underscores the need for constant vigilance and timely patch management.

Organizations relying on these systems must act swiftly to mitigate risks and ensure data security.

Are you from SOC/DFIR Teams? – Analyse Malware Files & Links with ANY.RUN Sandox -> Start Now for Free.

Divya
Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Latest articles

BFDOOR Malware Targets Organizations to Establish Long-Term Persistence

The BPFDoor malware has emerged as a significant threat targeting domestic and international organizations,...

Uncovering the Security Risks of Data Exposure in AI-Powered Tools like Snowflake’s CORTEX

As artificial intelligence continues to reshape the technological landscape, tools like Snowflake’s CORTEX Search...

UNC3944 Hackers Shift from SIM Swapping to Ransomware and Data Extortion

UNC3944, a financially-motivated threat actor also linked to the group known as Scattered Spider,...

Over 2,800 Hacked Websites Targeting MacOS Users with AMOS Stealer Malware

Cybersecurity researcher has uncovered a massive malware campaign targeting MacOS users through approximately 2,800...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

BFDOOR Malware Targets Organizations to Establish Long-Term Persistence

The BPFDoor malware has emerged as a significant threat targeting domestic and international organizations,...

Uncovering the Security Risks of Data Exposure in AI-Powered Tools like Snowflake’s CORTEX

As artificial intelligence continues to reshape the technological landscape, tools like Snowflake’s CORTEX Search...

UNC3944 Hackers Shift from SIM Swapping to Ransomware and Data Extortion

UNC3944, a financially-motivated threat actor also linked to the group known as Scattered Spider,...