CVE-2025-43885 is an OS command injection vulnerability identified in Dell PowerProtect Data Manager versions 19.19 and 19.20 running on Hyper-V platforms. The root cause is improper neutralization of special characters in OS commands, classified under CWE-78. This flaw allows a low-privileged attacker with local access to inject and execute arbitrary operating system commands, bypassing intended command restrictions. The vulnerability does not require user interaction, and the attacker only needs local system access, which could be gained through compromised credentials or physical access. The impact includes full compromise of confidentiality, integrity, and availability of the affected system, as arbitrary commands can lead to data theft, system manipulation, or denial of service. Although no known public exploits exist yet, the vulnerability is rated high severity with a CVSS 3.1 score of 7.8, reflecting low attack complexity and significant impact. The absence of patches at the time of disclosure necessitates immediate mitigation planning. Dell PowerProtect Data Manager is widely used in enterprise backup and data protection environments, making this vulnerability critical for organizations relying on these systems for data integrity and recovery. The vulnerability's presence on Hyper-V environments highlights the importance of securing virtualized infrastructure components. The technical details confirm the vulnerability was reserved in April 2025 and published in September 2025, indicating a recent discovery. Organizations should monitor Dell advisories for patches and apply them promptly once released.

The vulnerability allows attackers with low privileges and local access to execute arbitrary OS commands, potentially leading to full system compromise. This can result in unauthorized data access, modification, or destruction, disruption of backup and recovery operations, and potential lateral movement within the network. For organizations relying on Dell PowerProtect Data Manager for critical data protection, exploitation could undermine disaster recovery capabilities and lead to significant operational downtime. The high CVSS score indicates that the vulnerability affects confidentiality, integrity, and availability severely. The lack of required user interaction and low complexity of attack increase the risk of exploitation once local access is obtained. This threat is particularly impactful in environments where local access controls are weak or where attackers can escalate privileges to gain local access. The absence of known exploits currently reduces immediate risk but does not eliminate the threat, as attackers may develop exploits rapidly after disclosure. Overall, the vulnerability poses a serious risk to enterprise data protection infrastructure worldwide.

1. Immediately restrict local access to Dell PowerProtect Data Manager systems to trusted administrators only, enforcing strict access controls and monitoring. 2. Implement robust logging and alerting for any unusual command execution or privilege escalation attempts on affected systems. 3. Apply principle of least privilege to limit user permissions on the affected systems, minimizing the potential for exploitation by low-privileged users. 4. Monitor Dell's official security advisories for patches addressing CVE-2025-43885 and prioritize rapid deployment once available. 5. Conduct thorough audits of local accounts and remove or disable unnecessary accounts to reduce attack surface. 6. Employ host-based intrusion detection systems (HIDS) to detect suspicious command injection attempts. 7. Consider isolating Dell PowerProtect Data Manager instances in segmented network zones to limit lateral movement if compromised. 8. Educate administrators on the risks of local access vulnerabilities and enforce multi-factor authentication where possible to reduce unauthorized access risks. 9. Regularly back up configuration and system data separately to enable recovery in case of compromise. 10. Review and harden Hyper-V host security settings to prevent unauthorized local access to virtualized environments.