Main Vulnerability Database SB2025060466

SB2025060466 - Multiple vulnerabilities in Dell Storage Resource Manager (SRM) and Dell Storage Monitoring and Reporting (SMR)

Published: June 4, 2025 Updated: September 17, 2025

Security Bulletin ID SB2025060466

Severity

High

Patch available

YES

Number of vulnerabilities 85

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 85 secuirty vulnerabilities.

1) Memory leak (CVE-ID: CVE-2022-49080)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the kmem_cache_alloc() function in mm/mempolicy.c. A local user can perform a denial of service (DoS) attack.

2) Use-after-free (CVE-ID: CVE-2023-1192)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the smb2_is_status_io_timeout() function in Linux kernel. A local user can set environment variable to a specific value, trigger a use-after-free error and execute arbitrary code with elevated privileges.

3) Out-of-bounds write (CVE-ID: CVE-2023-4016)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error when processing untrusted input. A local user can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.

4) Use-after-free (CVE-ID: CVE-2023-52572)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error within the cifs_wake_up_task(), __release_mid(), wait_for_response(), cifs_sync_mid_result(), cifs_compound_callback(), compound_send_recv(), SendReceive() and SendReceiveBlockingLock() functions in fs/smb/client/transport.c. A remote non-authenticated attacker can perform a denial of service (DoS) attack.

5) Resource exhaustion (CVE-ID: CVE-2024-11187)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources when handling DNS zones with numerous records in the Additional section. A remote attacker can trigger resource exhaustion by sending multiple queries to he affected server and perform a denial of service (DoS) attack.

6) Resource exhaustion (CVE-ID: CVE-2024-12133)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources processing a large number of SEQUENCE OF or SET OF elements in a certificate. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.

7) Covert Timing Channel (CVE-ID: CVE-2024-13176)

The vulnerability allows a remote attacker to recover a private key.

The vulnerability exists due to a timing side-channel in ECDSA signature computations. A remote attacker can recover the private key and decrypt data.

Successful exploitation of the vulnerability requires that the attacker's process must either be located in the same physical computer or must have a very fast network connection with low latency.

8) Out-of-bounds read (CVE-ID: CVE-2024-35949)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the __btrfs_check_leaf() and __btrfs_check_node() functions in fs/btrfs/tree-checker.c. A local user can perform a denial of service (DoS) attack.

9) Out-of-bounds write (CVE-ID: CVE-2024-45774)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error when parsing JPEG files. A local user can trigger an out-of-bounds write and execute arbitrary code on the system.

10) Improper error handling (CVE-ID: CVE-2024-45775)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect handling of memory allocation failures within the grub_extcmd_dispatcher() function. A local user can perform a denial of service attack or corrupt the IVT data.

11) Integer overflow (CVE-ID: CVE-2024-45776)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to integer overflow within the grub_mofile_open() function when reading .mo file. A local user can trigger an integer overflow and execute arbitrary code with elevated privileges.

12) Integer overflow (CVE-ID: CVE-2024-45777)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to integer overflow within the grub_gettext_getstr_from_position() function when reading .mo file. A local user can trigger an integer overflow and execute arbitrary code with elevated privileges.

13) Integer overflow (CVE-ID: CVE-2024-45778)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to integer overflow when reading BFS filesystem. A local user can trigger an integer overflow and execute arbitrary code with elevated privileges.

14) Integer overflow (CVE-ID: CVE-2024-45779)

The vulnerability allows a local user to corrupt data.

The vulnerability exists due to integer overflow within the BFS filesystem driver. A local user can trigger an integer overflow and corrupt data.

15) Integer overflow (CVE-ID: CVE-2024-45780)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to integer overflow when handling tar files. A local user can trigger an integer overflow and execute arbitrary code with elevated privileges.

16) Out-of-bounds write (CVE-ID: CVE-2024-45781)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error when ready symbolic link name from a UFS filesystem. A local user can trigger an out-of-bounds write and execute arbitrary code.

17) Out-of-bounds write (CVE-ID: CVE-2024-45782)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error when reading a volume's name within the grub_fs_mount() function in HFS filesystem driver. A local user can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.

18) NULL pointer dereference (CVE-ID: CVE-2024-45783)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error when failing to mount a HFS+. A local user can perform a denial of service (DoS) attack.

19) Inconsistent interpretation of HTTP requests (CVE-ID: CVE-2024-47220)

The vulnerability allows a remote attacker to perform HTTP request smuggling attacks.

The vulnerability exists due to improper validation of HTTP requests. A remote attacker can send a specially crafted HTTP request containing both a Content-Length header and a Transfer-Encoding header to the server and smuggle arbitrary HTTP headers.

Successful exploitation of vulnerability may allow an attacker to poison HTTP cache and perform phishing attacks.

20) Inefficient regular expression complexity (CVE-ID: CVE-2024-49761)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient input validation when parsing an XML that has many digits between &# and x...; in a hex numeric character reference (&#x...;). A remote attacker can pass specially crafted data to the application and perform regular expression denial of service (ReDos) attack.

21) Out-of-bounds read (CVE-ID: CVE-2024-50115)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the nested_svm_get_tdp_pdptr() function in arch/x86/kvm/svm/nested.c. A local user can perform a denial of service (DoS) attack.

22) Out-of-bounds read (CVE-ID: CVE-2024-50128)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the drivers/net/wwan/wwan_core.c. A local user can perform a denial of service (DoS) attack.

23) Improper Encoding or Escaping of Output (CVE-ID: CVE-2024-50349)

The vulnerability allows a remote attacker to perform spoofing attack.

The vulnerability exists due to incorrect handling of control sequences in account names when asking for credentials. A remote attacker can trick the victim into clicking on a specially crafted URL and trick users into providing passwords for trusted Git hosting sites when in fact they are then sent to untrusted sites that are under the attacker's control.

24) Improper Encoding or Escaping of Output (CVE-ID: CVE-2024-52006)

The vulnerability allows a remote attacker to exfiltrate data.

The vulnerability exists due to newline confusion in credential helpers when interpreting single Carriage Return characters. A remote attacker can gain access to sensitive information.

25) Off-by-one (CVE-ID: CVE-2024-52533)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to an off-by-one error in gio/gsocks4aproxy.c when handling responses from SOCKS4 proxy. A remote attacker can trick the victim into connecting to a malicious SOCKS4 proxy server, trigger an off-by-one error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

26) Improper locking (CVE-ID: CVE-2024-53135)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the module_param() function in arch/x86/kvm/vmx/vmx.c. A local user can perform a denial of service (DoS) attack.

27) Use-after-free (CVE-ID: CVE-2024-53173)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the nfs4_open_release() function in fs/nfs/nfs4proc.c. A local user can escalate privileges on the system.

28) Use-after-free (CVE-ID: CVE-2024-53239)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the usb6fire_chip_abort(), usb6fire_chip_destroy(), usb6fire_chip_probe() and usb6fire_chip_disconnect() functions in sound/usb/6fire/chip.c. A local user can escalate privileges on the system.

29) Use-after-free (CVE-ID: CVE-2024-56171)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the xmlSchemaIDCFillNodeTables() and xmlSchemaBubbleIDCNodeTables() functions in xmlschemas.c. A remote attacker can pass specially crafted XML document to the application, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

30) Buffer overflow (CVE-ID: CVE-2024-56539)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the drivers/net/wireless/marvell/mwifiex/fw.h. A local user can perform a denial of service (DoS) attack.

31) Use-after-free (CVE-ID: CVE-2024-56548)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the hfsplus_read_wrapper() function in fs/hfsplus/wrapper.c. A local user can escalate privileges on the system.

32) Use-after-free (CVE-ID: CVE-2024-56605)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the l2cap_sock_alloc() function in net/bluetooth/l2cap_sock.c. A local user can escalate privileges on the system.

33) Heap-based buffer overflow (CVE-ID: CVE-2024-56737)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the fs/hfs.c when reading sblock data from HFS filesystem. A local user can trigger a heap-based buffer overflow and execute arbitrary code with elevated privileges.

34) Improper error handling (CVE-ID: CVE-2024-57948)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the ieee802154_if_remove() function in net/mac802154/iface.c. A local user can perform a denial of service (DoS) attack.

35) Information disclosure (CVE-ID: CVE-2025-0167)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to application can leak credentials when asked to use a .netrc file for credentials and to follow HTTP redirects. A remote attacker can gain access to sensitive information.

36) Buffer overflow (CVE-ID: CVE-2025-0395)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error when the assert() function fails. A remote attacker can trigger memory corruption and perform a denial of service (DoS) attack.

37) Use-after-free (CVE-ID: CVE-2025-0622)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error caused by not removing hooks when the related module is being unloaded. A local user can execute arbitrary code with elevated privileges.

38) Out-of-bounds write (CVE-ID: CVE-2025-0624)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the grub_net_search_config_file() function. A local user can trigger an out-of-bounds write and execute arbitrary code on the system.

39) Integer overflow (CVE-ID: CVE-2025-0677)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to integer overflow when performing a symlink lookup within the grub_ufs_lookup_symlink() function in UFS filesystem driver. A local user can trigger an integer overflow and execute arbitrary code with elevated privileges.

40) Integer overflow (CVE-ID: CVE-2025-0678)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to integer overflow in squash4 fs module. A local user can trigger an integer overflow and execute arbitrary code with elevated privileges.

41) Out-of-bounds write (CVE-ID: CVE-2025-0684)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error when performing a symlink lookup from a reiserfs filesystem. A local user can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.

42) Integer overflow (CVE-ID: CVE-2025-0685)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to integer overflow when reading data from a jfs filesystem within the grub_jfs_lookup_symlink() function. A local user can trigger an integer overflow and execute arbitrary code with elevated privileges.

43) Integer overflow (CVE-ID: CVE-2025-0686)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to integer overflow within the grub_romfs_read_symlink() function when performing a symlink lookup from a romfs filesystem. A local user can trigger an integer overflow and execute arbitrary code with elevated privileges.

44) Heap-based buffer overflow (CVE-ID: CVE-2025-0689)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the grub_udf_read_block() function when reading data from disk. A local user can trigger a heap-based buffer overflow and execute arbitrary code with elevated privileges.

45) Integer overflow (CVE-ID: CVE-2025-0690)

The vulnerability allows an attacker to escalate privileges on the system.

The vulnerability exists due to integer overflow when reading data from the keyboard input. An attacker with physical access to the system can trigger an integer overflow and execute arbitrary code with elevated privileges.

46) Integer overflow (CVE-ID: CVE-2025-0725)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer overflow when handling gzip decompression of content-encoded HTTP responses with the CURLOPT_ACCEPT_ENCODING option using zlib 1.2.0.3 or older. A remote attacker can send specially crafted response to the application, trigger an integer overflow and execute arbitrary code on the target system.

47) Security features bypass (CVE-ID: CVE-2025-1118)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to the dump command is not blocked when grub is in lockdown mode. A local user can read any data from the system memory.

48) Integer overflow (CVE-ID: CVE-2025-1125)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to integer overflow within the hfsplus_open_compressed_real() function when reading data from a hfs filesystem. A local user can trigger an integer overflow and execute arbitrary code with elevated privileges.

49) Resource management error (CVE-ID: CVE-2025-21690)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the dev_warn() and storvsc_on_io_completion() functions in drivers/scsi/storvsc_drv.c. A local user can perform a denial of service (DoS) attack.

50) Out-of-bounds read (CVE-ID: CVE-2025-21692)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the ets_class_from_arg() function in net/sched/sch_ets.c. A local user can perform a denial of service (DoS) attack.

51) Resource management error (CVE-ID: CVE-2025-21699)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the do_gfs2_set_flags() function in fs/gfs2/file.c. A local user can perform a denial of service (DoS) attack.

52) Stack-based buffer overflow (CVE-ID: CVE-2025-24928)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the xmlSnprintfElements() function in valid.c. A remote attacker can pass specially crafted XML data to the application, trigger a stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

53) Man-in-the-Middle (MitM) attack (CVE-ID: CVE-2025-26465)

The vulnerability allows a remote attacker to perform MitM attack.

The vulnerability exists due to incorrect processing of user-supplied data in ssh(1). A remote attacker can perform server impersonation when VerifyHostKeyDNS enabled.

54) Buffer overflow (CVE-ID: CVE-2025-26597)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the XkbChangeTypesOfKey() function. A local user can trigger memory corruption and execute arbitrary code with elevated privileges.

55) NULL pointer dereference (CVE-ID: CVE-2025-27113)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the xmlPatMatch() function in pattern.c. A remote attacker can pass specially crafted XML document to the affected application and perform a denial of service (DoS) attack.

56) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2024-50379)

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to missing access restrictions to the default servlet. If the default servlet is write enabled (readonly initialisation parameter set to the non-default value of false) for a case insensitive file system, concurrent read and upload under load of the same file can bypass Tomcat's case sensitivity checks and cause an uploaded file to be treated as a JSP leading to remote code execution.

57) Permissions, privileges, and access controls (CVE-ID: CVE-2024-56337)

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to incomplete mitigation for #VU101814(CVE-2024-50379) on a case insensitive file system with the default servlet write enabled (readonly initialisation parameter set to the non-default value of false). A remote attacker can upload malicious files to the server and execute them compromising the system.

The mitigation bypass depends on the version of Java used on the system.

58) Improper input validation (CVE-ID: CVE-2025-0509)

The vulnerability allows a remote privileged user to execute arbitrary code.

The vulnerability exists due to improper input validation within the Install (Sparkle) component in Oracle Java SE. A remote privileged user can exploit this vulnerability to execute arbitrary code.

59) Improper input validation (CVE-ID: CVE-2025-21502)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

The vulnerability exists due to improper input validation within the Hotspot component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to read and manipulate data.

60) Information disclosure (CVE-ID: CVE-2024-11053)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to an error when using a .netrc file for credentials and an instruction to follow HTTP redirects. The cURL library can leak credentials intended for the first URL prior to redirection. This however will only occur if the .netrc file has an entry that matches the redirect target hostname but the entry either omits just the password or omits both login and password.

61) Out-of-bounds read (CVE-ID: CVE-2024-37371)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition when handling GSS message token. A remote attacker can send specially crafted token to the application, trigger an out-of-bounds read error and read contents of memory on the system.

62) Improper input validation (CVE-ID: CVE-2025-21490)

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

63) Improper input validation (CVE-ID: CVE-2025-21491)

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

64) Improper input validation (CVE-ID: CVE-2025-21493)

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Security: Privileges component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

65) Improper input validation (CVE-ID: CVE-2025-21495)

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Firewall component in MySQL Enterprise Firewall. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

66) Improper input validation (CVE-ID: CVE-2025-21497)

The vulnerability allows a remote privileged user to damange or delete data.

The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to damange or delete data.

67) Improper input validation (CVE-ID: CVE-2025-21499)

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: DDL component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

68) Improper input validation (CVE-ID: CVE-2025-21500)

The vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote authenticated user can exploit this vulnerability to perform a denial of service (DoS) attack.

69) Improper input validation (CVE-ID: CVE-2025-21501)

The vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.

70) Improper input validation (CVE-ID: CVE-2025-21503)

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

71) Improper input validation (CVE-ID: CVE-2025-21505)

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Components Services component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

72) Improper input validation (CVE-ID: CVE-2025-21518)

The vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.

73) Improper input validation (CVE-ID: CVE-2025-21519)

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

74) Improper input validation (CVE-ID: CVE-2025-21520)

The vulnerability allows a local privileged user to gain access to sensitive information.

The vulnerability exists due to improper input validation within the Server: Options component in MySQL Server. A local privileged user can exploit this vulnerability to gain access to sensitive information.

75) Improper input validation (CVE-ID: CVE-2025-21521)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Thread Pooling component in MySQL Server. A remote non-authenticated attacker can exploit this vulnerability to perform a denial of service (DoS) attack.

76) Improper input validation (CVE-ID: CVE-2025-21522)

The vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Parser component in MySQL Server. A remote authenticated user can exploit this vulnerability to perform a denial of service (DoS) attack.

77) Improper input validation (CVE-ID: CVE-2025-21523)

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

78) Improper input validation (CVE-ID: CVE-2025-21529)

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Information Schema component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

79) Improper input validation (CVE-ID: CVE-2025-21531)

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

80) Improper input validation (CVE-ID: CVE-2025-21540)

The vulnerability allows a remote authenticated user to read and manipulate data.

The vulnerability exists due to improper input validation within the Server: Security: Privileges component in MySQL Server. A remote authenticated user can exploit this vulnerability to read and manipulate data.

81) Improper input validation (CVE-ID: CVE-2025-21543)

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Packaging component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

82) Improper input validation (CVE-ID: CVE-2025-21548)

The vulnerability allows a remote privileged user to execute arbitrary code.

The vulnerability exists due to improper input validation within the Connector/Python component in MySQL Connectors. A remote privileged user can exploit this vulnerability to execute arbitrary code.

83) Improper input validation (CVE-ID: CVE-2025-21555)

The vulnerability allows a remote privileged user to damange or delete data.

The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to damange or delete data.

84) Improper input validation (CVE-ID: CVE-2025-21559)

The vulnerability allows a remote privileged user to damange or delete data.

The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to damange or delete data.

85) Improper input validation (CVE-ID: CVE-2025-21566)

The vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

https://www.dell.com/support/kbdoc/nl-nl/000309323/dsa-2025-165-dell-storage-resource-manager-srm-and-dell-storage-monitoring-and-reporting-smr-security-update-for-multiple-third-party-component-vulnerabilities

SB2025060466 - Multiple vulnerabilities in Dell Storage Resource Manager (SRM) and Dell Storage Monitoring and Reporting (SMR)

Breakdown by Severity

Description

Remediation

References

Please verify you're human