Cyber Posture

CVE-2025-22395

High

Published: 07 January 2025

Published
07 January 2025
Modified
04 February 2025
KEV Added
Patch
CVSS Score 8.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
EPSS Score 0.0009 26.1th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-22395 is a high-severity Improper Handling of Insufficient Permissions or Privileges (CWE-280) vulnerability in Dell Update Package Framework. Its CVSS base score is 8.2 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 26.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Privilege Escalation (T1068). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match
prevent

Requires timely flaw remediation by patching the Dell Update Package Framework to version 22.01.02 or later, directly eliminating the privilege escalation vulnerability.

AC-6 Least Privilege good match
prevent

Enforces least privilege to prevent low-privileged local attackers from escalating privileges due to improper handling of insufficient privileges in the DUP Framework.

AC-3 Access Enforcement partial match
prevent

Mandates enforcement of access control policies to limit unauthorized privilege escalation and arbitrary code execution resulting from the vulnerability.

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
attack.mitre.org →
Why these techniques?

Local privilege escalation via exploitation of insufficient privilege handling directly maps to T1068; user interaction and script execution are secondary effects of the core flaw.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

Dell Update Package Framework, versions prior to 22.01.02, contain(s) a Local Privilege Escalation Vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary remote scripts on the server. Exploitation may lead to a…

more

denial of service by an attacker.

Deeper analysisAI

CVE-2025-22395 is a local privilege escalation vulnerability affecting the Dell Update Package (DUP) Framework in versions prior to 22.01.02. The flaw, associated with CWE-280 (improper handling of insufficient privileges), allows escalation from low-privileged access and was published on January 7, 2025, with a CVSS v3.1 base score of 8.2 (AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H).

A local attacker with low privileges can exploit this vulnerability by tricking a user into interacting with a malicious input, potentially leading to the execution of arbitrary remote scripts on the server. Successful exploitation enables high-impact confidentiality, integrity, and availability violations, including denial of service.

Dell's security advisory (DSA-2025-034) at https://www.dell.com/support/kbdoc/en-us/000269079/dsa-2025-034-security-update-for-dell-update-package-dup-framework-vulnerability recommends updating the DUP Framework to version 22.01.02 or later to mitigate the issue.

Details

CWE(s)
CWE-280NVD-CWE-noinfo

Affected Products

dell
update package framework
≤ 22.01.02

CVEs Like This One

CVE-2026-23857Same product: Dell Update Package Framework
CVE-2026-32655Same vendor: Dell
CVE-2026-27102Same vendor: Dell
CVE-2025-21105Same vendor: Dell
CVE-2026-25906Same vendor: Dell
CVE-2026-35155Same vendor: Dell
CVE-2026-24510Same vendor: Dell
CVE-2026-22765Same vendor: Dell
CVE-2026-26949Same vendor: Dell
CVE-2024-48013Same vendor: Dell

References