CVE-2025-43943 MEDIUM

CVE-2025-43943

Vendor Dell
Product Cloud Disaster Recovery
Weakness CWE-78
Published September 25, 2025
Last update September 25, 2025

CVSS base score

6.7/10
Attack vector Local
Attack complexity Low
Privileges required High
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

Dell Cloud Disaster Recovery, version(s) prior to 19.20, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability to execute arbitrary commands with root privileges.

Key dates

02Disclosure timeline

September 25, 2025 CVE published
September 25, 2025 Record updated