Plaintext Storage of a Password

CVE-2025-43938

Medium

5/10

Summary

Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) a Plaintext Storage of a Password vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to gain unauthorized access with privileges of the compromised account.

Attack Complexity: HIGH
Attack Vector: LOCAL
Integrity Impact: NONE
Scope: CHANGED
User Interaction: REQUIRED
Privileges Required: HIGH
Confidentiality Impact: HIGH
Availability Impact: NONE

CWE-256 - Plaintext Storage of a Password

Storing a password in plaintext may result in a system compromise.

References

Advisory Timeline

Published Sep 10, 2025

Plaintext Storage of a Password

CVE-2025-43938

Summary

CWE-256 - Plaintext Storage of a Password

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS