Main Vulnerability Database SB2025052059

SB2025052059 - Dell PowerEdge Server update for BIOS

Published: May 20, 2025

Security Bulletin ID SB2025052059

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Improper Verification of Cryptographic Signature (CVE-ID: CVE-2024-56161)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to improper verification of cryptographic signature in AMD CPU ROM microcode patch loader. A local privileged user can load a malicious CPU microcode and escalate privileges on the system.

Remediation

Install update from vendor's website.

References

https://www.dell.com/support/kbdoc/nl-nl/000280550/dsa-2025-040-security-update-for-dell-amd-based-poweredge-server-vulnerabilities

Vulnerable Software

PowerEdge R7425: All versions
PowerEdge R7415: All versions
PowerEdge R6415: All versions
Dell EMC XC Core XC7525: All versions
PowerEdge XE8545: All versions
PowerEdge C6525: All versions
PowerEdge R7525: All versions
PowerEdge R7515: All versions
PowerEdge R6525: All versions
PowerEdge R6515: All versions
XC Core XC7625: before 1.11.2
PowerEdge C6615: before 1.6.2
PowerEdge R7625: before 1.11.2
PowerEdge R6625: before 1.11.2
PowerEdge R7615: before 1.11.2
PowerEdge R6615: before 1.11.2

SB2025052059 - Dell PowerEdge Server update for BIOS

Breakdown by Severity

Description

Remediation

References

Please verify you're human