CVE-2025-43889
📋 TL;DR
Dell PowerProtect Data Domain systems running vulnerable DD OS versions contain a path traversal vulnerability in the UI that allows unauthenticated remote attackers to access restricted directories. This can lead to information exposure, potentially revealing sensitive system data. All systems running affected versions with the UI exposed are vulnerable.
💻 Affected Systems
- Dell PowerProtect Data Domain
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
An attacker could access sensitive configuration files, credentials, or system information, potentially enabling further attacks or data exfiltration.
Likely Case
Information disclosure of system files or configuration data that could aid in reconnaissance for additional attacks.
If Mitigated
Limited impact if proper network segmentation and access controls prevent external access to the UI.
🎯 Exploit Status
Path traversal vulnerabilities are typically straightforward to exploit once the specific vulnerable endpoint is identified.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Apply updates as specified in DSA-2025-333
Vendor Advisory: https://www.dell.com/support/kbdoc/en-us/000376224/dsa-2025-333-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities
Restart Required: No
Instructions:
1. Review the DSA-2025-333 advisory.
2. Download the appropriate patches from Dell Support.
3. Apply the patches following Dell's deployment procedures.
4. Verify patch application and system functionality.
🔧 Temporary Workarounds
Restrict UI Network Access
Limit network access to the Data Domain UI to trusted IP addresses only, using firewall rules.
Disable Unnecessary UI Access
If UI access is not required, disable or restrict access to the web interface.
🧯 If You Can't Patch
- Implement strict network segmentation to isolate Data Domain systems from untrusted networks
- Apply IP-based access controls to restrict UI access to authorized administrative hosts only
🔍 How to Verify
Check if Vulnerable:
Check the DD OS version via the UI or CLI. If the version falls within the affected ranges, the system is vulnerable.
Check Version:
From Data Domain CLI: version
Verify Fix Applied:
Verify that the DD OS version has been updated beyond the affected ranges, then test UI functionality.
📡 Detection & Monitoring
Log Indicators:
- Unusual file access patterns in UI logs
- Multiple failed path traversal attempts
- Access to restricted directory paths
Network Indicators:
- HTTP requests with directory traversal sequences (../, ..\) to UI endpoints
- Unusual traffic patterns to Data Domain UI
SIEM Query:
source="data_domain_ui" AND (http_uri="*../*" OR http_uri="*..\*")
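The SIEM query above matches only literal `../` and `..\` sequences, so percent-encoded (`%2e%2e`) and double-encoded (`%252e`) variants in the same request would be missed. The script below is an added example, not part of this advisory and not Dell's code: it scans constructed access-log lines in the common combined format (the `/ui/` prefix, the IP addresses and the `/restricted/config.txt` path are all made-up placeholders, not real Data Domain endpoints), decodes each URI repeatedly before testing for `..` segments, reports whether the decoded path actually climbs above the web root, and lists source IPs that repeat the pattern, matching the "multiple attempts" log indicator.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Constructed sample log lines (combined log format). The /ui/ prefix, the
# IPs and /restricted/config.txt are placeholders, not real Data Domain paths.
SAMPLE_LOG = """\
203.0.113.10 - - [12/Jun/2025:10:01:02 +0000] "GET /ui/static/app.js HTTP/1.1" 200 1024
203.0.113.10 - - [12/Jun/2025:10:01:05 +0000] "GET /ui/../../restricted/config.txt HTTP/1.1" 403 0
203.0.113.10 - - [12/Jun/2025:10:01:06 +0000] "GET /ui/%2e%2e/%2e%2e/restricted/config.txt HTTP/1.1" 403 0
203.0.113.10 - - [12/Jun/2025:10:01:07 +0000] "GET /ui/..%5c..%5crestricted%5cconfig.txt HTTP/1.1" 403 0
203.0.113.10 - - [12/Jun/2025:10:01:08 +0000] "GET /ui/%252e%252e/%252e%252e/restricted/config.txt HTTP/1.1" 200 512
192.0.2.5 - - [12/Jun/2025:10:02:00 +0000] "GET /ui/assets/../app.css HTTP/1.1" 200 300
198.51.100.7 - - [12/Jun/2025:10:02:30 +0000] "GET /ui/login HTTP/1.1" 200 2048
"""

# Request line of a combined-format entry: client IP, timestamp, method, URI, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<uri>\S+) [^"]*" (?P<status>\d{3})'
)

# A ".." path segment bounded by slashes (backslashes are normalised to "/" first).
TRAVERSAL_RE = re.compile(r'(?:^|/)\.\.(?:/|$)')


def decode_fully(uri: str, max_rounds: int = 3) -> str:
    """Percent-decode repeatedly so double-encoded sequences (%252e -> %2e -> .) are exposed."""
    for _ in range(max_rounds):
        decoded = unquote(uri)
        if decoded == uri:
            break
        uri = decoded
    return uri


def normalise_path(uri: str) -> str:
    """Strip the query string, decode, and treat backslashes as path separators."""
    return decode_fully(uri.split("?", 1)[0]).replace("\\", "/")


def has_traversal(uri: str) -> bool:
    """True if the decoded path contains any '..' segment."""
    return bool(TRAVERSAL_RE.search(normalise_path(uri)))


def escapes_root(uri: str) -> bool:
    """True if '..' segments climb above the web root (higher severity than an in-tree '..')."""
    depth = 0
    for seg in normalise_path(uri).split("/"):
        if seg == "..":
            depth -= 1
            if depth < 0:
                return True
        elif seg and seg != ".":
            depth += 1
    return False


def scan_access_log(text: str, threshold: int = 3):
    """Return (hits, repeat_offenders): flagged requests and IPs with >= threshold hits."""
    hits = []
    per_ip = Counter()
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        uri = m.group("uri")
        if not has_traversal(uri):
            continue
        hits.append({
            "ip": m.group("ip"),
            "uri": uri,
            "decoded": normalise_path(uri),
            "status": int(m.group("status")),
            "escapes_root": escapes_root(uri),
        })
        per_ip[m.group("ip")] += 1
    repeat_offenders = sorted(ip for ip, n in per_ip.items() if n >= threshold)
    return hits, repeat_offenders


if __name__ == "__main__":
    found, offenders = scan_access_log(SAMPLE_LOG)
    for h in found:
        sev = "HIGH" if h["escapes_root"] else "low"
        print(f"[{sev}] {h['ip']} {h['status']} {h['uri']} -> {h['decoded']}")
    print("repeat offenders:", offenders)
```

A 200 response on a flagged request (rather than 403) is the line worth escalating, since it suggests the traversal was served rather than rejected; the `escapes_root` flag separates that case from harmless in-tree `..` references that some front-end frameworks emit.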