CVE-2025-43888: CWE-532: Insertion of Sensitive Information into Log File in Dell PowerProtect Data Manager
Dell PowerProtect Data Manager, Hyper-V, versions 19.19 and 19.20, contains an Insertion of Sensitive Information into Log File vulnerability. A low-privileged attacker with local access could potentially exploit this vulnerability, leading to unauthorized access.
AI Analysis
Technical Summary
CVE-2025-43888 is a vulnerability identified in Dell PowerProtect Data Manager versions 19.19 and 19.20 operating within Hyper-V environments. The issue is classified under CWE-532, which pertains to the insertion of sensitive information into log files. Specifically, the software improperly logs sensitive data, potentially including credentials or other confidential information, which can be accessed by an attacker with low-level local privileges. This vulnerability does not require user interaction but does require the attacker to have local access to the system, albeit with limited privileges. The vulnerability’s CVSS 3.1 base score is 8.8, reflecting a high severity due to its impact on confidentiality, integrity, and availability, and the scope being changed (S:C), indicating that exploitation could affect resources beyond the initially vulnerable component. The vulnerability could allow an attacker to gain unauthorized access or escalate privileges by leveraging sensitive data exposed in logs. No public exploits are currently known, but the risk remains significant given the nature of the data managed by Dell PowerProtect Data Manager, which is often critical backup and recovery information. The lack of available patches at the time of publication necessitates immediate mitigation through access controls and monitoring. The vulnerability was reserved in April 2025 and published in September 2025, indicating recent discovery and disclosure.
Potential Impact
The vulnerability could have severe consequences for organizations relying on Dell PowerProtect Data Manager for backup and data protection. Exposure of sensitive information in logs can lead to unauthorized access, privilege escalation, and potential compromise of backup data integrity and availability. Attackers with low privileges could leverage this information to move laterally within the network or escalate their access, threatening critical data assets. This could result in data breaches, loss of data confidentiality, disruption of backup and recovery operations, and increased risk of ransomware or other malicious activities targeting backup infrastructure. Organizations in sectors with stringent data protection requirements, such as finance, healthcare, and government, could face regulatory and compliance repercussions if the vulnerability is exploited. The high CVSS score reflects the broad impact on confidentiality, integrity, and availability, emphasizing the critical nature of this vulnerability.
Mitigation Recommendations
1. Immediately restrict local access to systems running Dell PowerProtect Data Manager to trusted and authorized personnel only, minimizing the risk of exploitation by low-privileged users.
2. Implement strict file system permissions on log files to prevent unauthorized reading or tampering by non-privileged users.
3. Monitor and audit access to log files regularly to detect any suspicious activity or unauthorized access attempts.
4. Use encryption or secure logging mechanisms if supported by the product to protect sensitive information in logs.
5. Stay in close contact with Dell for official patches or updates addressing this vulnerability and apply them promptly once available.
6. Consider isolating backup management systems from general user environments to reduce the attack surface.
7. Employ endpoint detection and response (EDR) solutions to identify anomalous local activities indicative of exploitation attempts.
8. Review and harden Hyper-V host configurations to limit local access vectors and privilege escalation opportunities.
9. Educate administrators and users about the risks of local access and the importance of safeguarding sensitive log data.
Affected Countries
United States, Germany, United Kingdom, Canada, Australia, France, Japan, India, Netherlands, Singapore
Technical Details
- Data Version: 5.1
- Assigner Short Name: dell
- Date Reserved: 2025-04-18T05:05:05.741Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 68c19d54cce016a9a48210ce
Added to database: 9/10/2025, 3:46:28 PM
Last enriched: 2/27/2026, 2:26:22 AM
Last updated: 3/25/2026, 6:59:54 AM