Dell
Products by Dell Sorted by Most Security Vulnerabilities since 2018
Known Exploited Dell Vulnerabilities
The following Dell vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.
Title | Description | Added |
---|---|---|
Dell dbutil Driver Insufficient Access Control Vulnerability | Dell dbutil driver contains an insufficient access control vulnerability which may lead to escalation of privileges, denial-of-service, or information disclosure. CVE-2021-21551 Exploit Probability: 60.5% | March 31, 2022 |
The vulnerability CVE-2021-21551: Dell dbutil Driver Insufficient Access Control Vulnerability is in the top 5% of the currently known exploitable vulnerabilities.
By the Year
In 2025 there have been 33 vulnerabilities in Dell with an average score of 6.4 out of ten. Last year, in 2024, Dell had 218 security vulnerabilities published. Right now, Dell is on track to have fewer security vulnerabilities in 2025 than it did last year. Last year, the average CVE base score was greater by 0.64.
Year | Vulnerabilities | Average Score |
---|---|---|
2025 | 33 | 6.44 |
2024 | 218 | 7.08 |
2023 | 163 | 6.95 |
2022 | 124 | 7.21 |
2021 | 139 | 6.93 |
2020 | 34 | 7.38 |
2019 | 52 | 7.34 |
2018 | 57 | 7.21 |
It may take a day or so for new Dell vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Dell Security Vulnerabilities
Dell ThinOS 2502 and prior contain a Cleartext Storage of Sensitive Information vulnerability
CVE-2025-32752
4.6 - Medium
- May 29, 2025
Dell ThinOS 2502 and prior contain a Cleartext Storage of Sensitive Information vulnerability. A high privileged attacker with physical access could potentially exploit this vulnerability, leading to Information Disclosure.
Cleartext Storage of Sensitive Information
Dell PowerStore, version(s) 4.0.0.0, contain(s) a Use of Hard-coded Credentials vulnerability in the PowerStore image file
CVE-2025-36572
- May 28, 2025
Dell PowerStore, version(s) 4.0.0.0, contain(s) a Use of Hard-coded Credentials vulnerability in the PowerStore image file. A low privileged attacker with remote access, with the knowledge of the hard-coded credentials, could potentially exploit this vulnerability to gain unauthorized access based on the hardcoded account's privileges.
Use of Hard-coded Credentials
Dell PowerScale OneFS, versions 9.8.0.0 through 9.10.1.0, contain a time-of-check time-of-use (TOCTOU) race condition vulnerability
CVE-2025-30101
6.3 - Medium
- May 08, 2025
Dell PowerScale OneFS, versions 9.8.0.0 through 9.10.1.0, contain a time-of-check time-of-use (TOCTOU) race condition vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to denial of service and information tampering.
TOCTTOU
Dell PowerScale OneFS, versions 9.4.0.0 through 9.10.1.0, contains an out-of-bounds write vulnerability
CVE-2025-30102
5.5 - Medium
- May 08, 2025
Dell PowerScale OneFS, versions 9.4.0.0 through 9.10.1.0, contains an out-of-bounds write vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to denial of service.
Memory Corruption
Dell Storage Center - Dell Storage Manager, version(s) 20.1.20, contain(s) an Improper Authentication vulnerability
CVE-2025-22477
8.8 - High
- May 06, 2025
Dell Storage Center - Dell Storage Manager, version(s) 20.1.20, contain(s) an Improper Authentication vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Elevation of privileges.
Authentication
Dell Storage Center - Dell Storage Manager
CVE-2025-22478
8.1 - High
- May 06, 2025
Dell Storage Center - Dell Storage Manager, version(s) 20.1.20, contain(s) an Improper Restriction of XML External Entity Reference vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Information disclosure and Information tampering.
XXE
Dell Storage Center - Dell Storage Manager
CVE-2025-22479
4.3 - Medium
- May 06, 2025
Dell Storage Center - Dell Storage Manager, version(s) 20.0.21, contain(s) an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Script injection.
Directory traversal
Dell Storage Center - Dell Storage Manager
CVE-2025-23379
5.2 - Medium
- May 06, 2025
Dell Storage Center - Dell Storage Manager, version(s) 21.0.20, contain(s) an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Script injection.
XSS
Dell PowerProtect Data Manager Reporting, version(s) 19.17, contain(s) an Incorrect Use of Privileged APIs vulnerability
CVE-2025-23375
7.8 - High
- April 28, 2025
Dell PowerProtect Data Manager Reporting, version(s) 19.17, contain(s) an Incorrect Use of Privileged APIs vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.
Incorrect Use of Privileged APIs
Dell PowerProtect Data Manager Reporting
CVE-2025-23376
4.4 - Medium
- April 28, 2025
Dell PowerProtect Data Manager Reporting, version(s) 19.16, 19.17, 19.18, contain(s) an Improper Neutralization of Special Elements Used in a Template Engine vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to information disclosure.
Code Injection
Dell PowerProtect Data Manager Reporting, version(s) 19.17, 19.18 contain(s) an Improper Encoding or Escaping of Output vulnerability
CVE-2025-23377
3.4 - Low
- April 28, 2025
Dell PowerProtect Data Manager Reporting, version(s) 19.17, 19.18 contain(s) an Improper Encoding or Escaping of Output vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability to inject arbitrary web script or html in reporting outputs.
Output Sanitization
Dell Secure Connect Gateway (SCG) 5.0 Appliance - SRS, version(s) 5.26, Enables Live-Restore setting
CVE-2025-26475
5.5 - Medium
- March 19, 2025
Dell Secure Connect Gateway (SCG) 5.0 Appliance - SRS, version(s) 5.26, Enables Live-Restore setting which enhances security by keeping containers running during daemon restarts, reducing attack exposure, preventing accidental misconfigurations, and ensuring security controls remain active.
Authentication
Dell Secure Connect Gateway (SCG) 5.0 Appliance - SRS
CVE-2025-23382
5.8 - Medium
- March 19, 2025
Dell Secure Connect Gateway (SCG) 5.0 Appliance - SRS, version(s) 5.26, contain(s) an Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure.
Exposure of Sensitive System Information to an Unauthorized Control Sphere
Dell ThinOS 2408 and prior, contains an improper permissions vulnerability
CVE-2025-27688
- March 18, 2025
Dell ThinOS 2408 and prior, contains an improper permissions vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.
Incorrect Permission Assignment for Critical Resource
Dell SmartFabric OS10 Software
CVE-2024-49561
7.8 - High
- March 17, 2025
Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Incorrect Privilege Assignment vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.
Incorrect Privilege Assignment
Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) a Use of Default Password vulnerability
CVE-2024-49559
8.8 - High
- March 17, 2025
Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) a Use of Default Password vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access.
Use of Default Password (CWE-1393)
Dell ThinOS 2411 and prior, contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability
CVE-2025-26331
- March 07, 2025
Dell ThinOS 2411 and prior, contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary code execution.
Command Injection
Dell SupportAssist OS Recovery versions prior to 5.5.13.1 contain a symbolic link attack vulnerability
CVE-2025-22480
7.8 - High
- February 13, 2025
Dell SupportAssist OS Recovery versions prior to 5.5.13.1 contain a symbolic link attack vulnerability. A low-privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary file deletion and Elevation of Privileges.
insecure temporary file
Dell BSAFE SSL-J, versions prior to 6.6 and versions 7.0 through 7.2, contains an Improper certificate verification vulnerability
CVE-2024-29171
7.5 - High
- February 12, 2025
Dell BSAFE SSL-J, versions prior to 6.6 and versions 7.0 through 7.2, contains an Improper certificate verification vulnerability. A remote attacker could potentially exploit this vulnerability, leading to information disclosure.
Improper Certificate Validation
Dell BSAFE SSL-J, versions prior to 6.6 and versions 7.0 through 7.2, contains a deadlock vulnerability
CVE-2024-29172
7.5 - High
- February 12, 2025
Dell BSAFE SSL-J, versions prior to 6.6 and versions 7.0 through 7.2, contains a deadlock vulnerability. A remote attacker could potentially exploit this vulnerability, leading to a Denial of Service.
Improper Locking
Dell Update Manager Plugin
CVE-2025-22402
5.4 - Medium
- February 07, 2025
Dell Update Manager Plugin, version(s) 1.5.0 through 1.6.0, contain(s) an Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure.
Basic XSS
Dell Avamar, version 19.4 or later, contains an access token reuse vulnerability in the AUI
CVE-2025-21117
5.5 - Medium
- February 05, 2025
Dell Avamar, version 19.4 or later, contains an access token reuse vulnerability in the AUI. A low privileged local attacker could potentially exploit this vulnerability, leading to fully impersonating the user.
Operation on a Resource after Expiration or Release
Dell PowerProtect DD
CVE-2025-22475
7.5 - High
- February 04, 2025
Dell PowerProtect DD, versions prior to DDOS 8.3.0.0, 7.10.1.50, and 7.13.1.10 contains a use of a Cryptographic Primitive with a Risky Implementation vulnerability. A remote attacker could potentially exploit this vulnerability, leading to Information tampering.
Use of a Broken or Risky Cryptographic Algorithm
Dell PowerProtect DD versions prior to 8.3.0.0, 7.10.1.50, and 7.13.1.20 contain an improper access control vulnerability
CVE-2024-53295
7.8 - High
- February 01, 2025
Dell PowerProtect DD versions prior to 8.3.0.0, 7.10.1.50, and 7.13.1.20 contain an improper access control vulnerability. A local malicious user with low privileges could potentially exploit this vulnerability leading to escalation of privilege.
Insufficient Granularity of Access Control
Dell PowerProtect DD versions prior to DDOS 8.3.0.0, 7.10.1.50, and 7.13.1.20 contain a path traversal vulnerability
CVE-2024-51534
7.1 - High
- February 01, 2025
Dell PowerProtect DD versions prior to DDOS 8.3.0.0, 7.10.1.50, and 7.13.1.20 contain a path traversal vulnerability. A local low privileged attacker could potentially exploit this vulnerability to gain unauthorized overwrite of OS files stored on the server filesystem. Exploitation could lead to denial of service.
Directory traversal
Dell PowerProtect DD versions prior to 7.10.1.50 and 7.13.1.20 contain a Stack-based Buffer Overflow vulnerability in the RestAPI
CVE-2024-53296
4.9 - Medium
- February 01, 2025
Dell PowerProtect DD versions prior to 7.10.1.50 and 7.13.1.20 contain a Stack-based Buffer Overflow vulnerability in the RestAPI. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Denial of service.
Memory Corruption
Dell NetWorker
CVE-2025-21107
7.8 - High
- January 30, 2025
Dell NetWorker, version(s) prior to 19.11.0.3, all versions of 19.10 & prior versions contain(s) an Unquoted Search Path or Element vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution.
Unquoted Search Path or Element
Dell Networking Switches running Enterprise SONiC OS
CVE-2025-23374
4.9 - Medium
- January 30, 2025
Dell Networking Switches running Enterprise SONiC OS, version(s) prior to 4.4.1 and 4.2.3, contain(s) an Insertion of Sensitive Information into Log File vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure.
Insertion of Sensitive Information into Log File
Dell Display Manager, versions prior to 2.3.2.18, contain a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability
CVE-2025-22394
7 - High
- January 15, 2025
Dell Display Manager, versions prior to 2.3.2.18, contain a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to code execution and possibly privilege escalation.
TOCTTOU
Dell Display Manager, versions prior to 2.3.2.20, contain a race condition vulnerability
CVE-2025-21101
6.3 - Medium
- January 15, 2025
Dell Display Manager, versions prior to 2.3.2.20, contain a race condition vulnerability. A local malicious user could potentially exploit this vulnerability during installation, leading to arbitrary folder or file deletion.
Race Condition
Dell PowerScale OneFS versions 8.2.2.x through 9.9.0.0 contain an uncontrolled resource consumption vulnerability
CVE-2024-47239
6.5 - Medium
- January 08, 2025
Dell PowerScale OneFS versions 8.2.2.x through 9.9.0.0 contain an uncontrolled resource consumption vulnerability. A remote low privileged attacker could potentially exploit this vulnerability, leading to denial of service.
Resource Exhaustion
Dell Update Package Framework, versions prior to 22.01.02, contain(s) a Local Privilege Escalation Vulnerability
CVE-2025-22395
7.8 - High
- January 07, 2025
Dell Update Package Framework, versions prior to 22.01.02, contain(s) a Local Privilege Escalation Vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary remote scripts on the server. Exploitation may lead to a denial of service by an attacker.
Improper Handling of Insufficient Permissions or Privileges
Dell PowerScale OneFS 8.2.2.x through 9.8.0.x contains an incorrect permission assignment for critical resource vulnerability
CVE-2024-47475
5.5 - Medium
- January 06, 2025
Dell PowerScale OneFS 8.2.2.x through 9.8.0.x contains an incorrect permission assignment for critical resource vulnerability. A locally authenticated attacker could potentially exploit this vulnerability, leading to denial of service.
Incorrect Permission Assignment for Critical Resource
Dell ECS Arithmetic Overflow Vulnerability in Retention Period Handling
CVE-2024-51540
6.5 - Medium
- December 26, 2024
Dell ECS, versions prior to 3.8.1.3, contains an arithmetic overflow vulnerability in the retention period handling of ECS. An authenticated user with bucket or object-level access and the necessary privileges could potentially exploit this vulnerability to bypass retention policies and delete objects.
Integer Overflow or Wraparound
Dell ECS Authentication Bypass by Capture-replay Vulnerability
CVE-2024-52534
5.4 - Medium
- December 25, 2024
Dell ECS, version(s) prior to ECS 3.8.1.3, contain(s) an Authentication Bypass by Capture-replay vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Session theft.
Authentication Bypass by Capture-replay
Dell NativeEdge Insecure Temporary File Creation Vulnerability
CVE-2024-52543
4.4 - Medium
- December 25, 2024
Dell NativeEdge, version(s) 2.1.0.0, contain(s) a Creation of Temporary File With Insecure Permissions vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure.
Exposure of Resource to Wrong Sphere
Dell SupportAssist Symlink Attack Vulnerability in Software Remediation Component
CVE-2024-52535
8.8 - High
- December 25, 2024
Dell SupportAssist for Home PCs versions 4.6.1 and prior and Dell SupportAssist for Business PCs versions 4.5.0 and prior contain a symbolic link (symlink) attack vulnerability in the software remediation component. A low-privileged authenticated user could potentially exploit this vulnerability, gaining privilege escalation, leading to arbitrary deletion of files and folders from the system.
insecure temporary file
Dell NativeEdge Exposure of Sensitive Information Through Metadata Vulnerability
CVE-2024-53291
7.5 - High
- December 25, 2024
Dell NativeEdge, version(s) 2.1.0.0, contain(s) an Exposure of Sensitive Information Through Metadata vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure.
Exposure of Sensitive Information Through Metadata
Dell NativeEdge Privilege Escalation Vulnerability
CVE-2024-47978
7.8 - High
- December 25, 2024
Dell NativeEdge, version(s) 2.1.0.0, contain(s) an Execution with Unnecessary Privileges vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.
Execution with Unnecessary Privileges
Dell PowerStore contains an Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability
CVE-2024-51532
7.1 - High
- December 19, 2024
Dell PowerStore contains an Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to modification of arbitrary system files.
Argument Injection
Dell Inventory Collector Client Improper Link Resolution Vulnerability
CVE-2024-47480
7.8 - High
- December 18, 2024
Dell Inventory Collector Client, versions prior to 12.7.0, contains an Improper Link Resolution Before File Access vulnerability. A low-privilege attacker with local access may exploit this vulnerability, potentially resulting in Elevation of Privileges and unauthorized file system access.
insecure temporary file
Dell AppSync Symbolic Link Following Vulnerability
CVE-2024-52542
5.5 - Medium
- December 17, 2024
Dell AppSync, version 4.6.0.x, contains a Symbolic Link (Symlink) Following vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to information tampering.
insecure temporary file
Dell RecoverPoint for Virtual Machines 6.0.x contains an Improper access control vulnerability
CVE-2024-24902
5.5 - Medium
- December 13, 2024
Dell RecoverPoint for Virtual Machines 6.0.x contains an Improper access control vulnerability. A low privileged local attacker could potentially exploit this vulnerability leading to gaining access to unauthorized data for a limited time.
Authorization
Dell RecoverPoint for VMs, version(s) 6.0.x contain(s) a Use of a Broken or Risky Cryptographic Algorithm vulnerability in the SSH
CVE-2024-28980
9.8 - Critical
- December 13, 2024
Dell RecoverPoint for VMs, version(s) 6.0.x contain(s) a Use of a Broken or Risky Cryptographic Algorithm vulnerability in the SSH. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Remote execution.
Use of a Broken or Risky Cryptographic Algorithm
Dell RecoverPoint for Virtual Machines 6.0.x contains a Denial of Service vulnerability
CVE-2024-47984
6.5 - Medium
- December 13, 2024
Dell RecoverPoint for Virtual Machines 6.0.x contains a Denial of Service vulnerability. A user with remote access could potentially exploit this vulnerability, leading to disruption of most functionalities of the RPA that persists after reboot, resulting in the need for technical support intervention to get the system back to a stable state.
Improper Filtering of Special Elements
Dell RecoverPoint for Virtual Machines Hard-Coded Credentials Vulnerability
CVE-2024-48007
9.8 - Critical
- December 13, 2024
Dell RecoverPoint for Virtual Machines 6.0.x contains a use of hard-coded credentials vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by gaining access to the source code, easily retrieving these secrets and reusing them to access the system, leading to gaining access to unauthorized data.
Use of Hard-coded Credentials
Dell RecoverPoint for Virtual Machines OS Command Injection Vulnerability
CVE-2024-22461
8.8 - High
- December 13, 2024
Dell RecoverPoint for Virtual Machines 6.0.x contains an OS Command injection vulnerability. A low privileged remote attacker could potentially exploit this vulnerability by running any command as root, leading to gaining of root-level access and compromise of complete system.
Shell injection
Dell RecoverPoint for Virtual Machines OS Command Injection Vulnerability
CVE-2024-48008
6.5 - Medium
- December 13, 2024
Dell RecoverPoint for Virtual Machines 6.0.x contains an OS Command Injection vulnerability. A low privileged remote attacker could potentially exploit this vulnerability, leading to information disclosure and allowing unintended actions such as reading files that may contain sensitive information.
Shell injection
Dell RecoverPoint for VMs Authentication Bypass Vulnerability
CVE-2024-38488
9.8 - Critical
- December 13, 2024
Dell RecoverPoint for Virtual Machines 6.0.x contains an Improper Restriction of Excessive Authentication vulnerability. A network attacker could potentially exploit this vulnerability, leading to a brute force attack or a dictionary attack against the RecoverPoint login form and a complete system compromise. This allows attackers to brute-force the password of valid users in an automated manner.
Improper Restriction of Excessive Authentication Attempts
Dell ThinOS TOCTOU Race Condition Vulnerability
CVE-2024-53289
7 - High
- December 11, 2024
Dell ThinOS version 2408 contains a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges.
TOCTTOU