CVE-2025-43905

4.3 MEDIUM

📋 TL;DR

This vulnerability allows low-privileged remote attackers to inject malicious arguments into commands on Dell PowerProtect Data Domain systems, potentially causing denial of service. It affects Data Domain Operating System (DD OS) across multiple feature releases and long-term support versions.

💻 Affected Systems

Products:
  • Dell PowerProtect Data Domain
Versions: DD OS Feature Release 7.7.1.0 through 8.3.0.15, LTS2025 8.3.1.0, LTS2024 7.13.1.0 through 7.13.1.30, LTS2023 7.10.1.0 through 7.10.1.60
Operating Systems: Data Domain Operating System (DD OS)
Default Config Vulnerable: ⚠️ Yes
Notes: All affected versions in default configuration are vulnerable. Requires low privileged remote access.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system unavailability through denial of service, disrupting backup and recovery operations

🟠 Likely Case

Partial service disruption or system instability affecting backup operations

🟢 If Mitigated

Minimal impact with proper network segmentation and access controls

🌐 Internet-Facing: MEDIUM - Requires remote access but only low privilege; internet exposure increases the attack surface
🏢 Internal Only: MEDIUM - Internal attackers with low privileges could disrupt critical backup infrastructure

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires low privileged remote access. Argument injection vulnerabilities typically require specific knowledge of vulnerable commands.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Apply patches specified in DSA-2025-333 advisory

Vendor Advisory: https://www.dell.com/support/kbdoc/en-us/000376224/dsa-2025-333-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities

Restart Required: No

Instructions:

1. Review DSA-2025-333 advisory.
2. Download appropriate patches from Dell support portal.
3. Apply patches following Dell's update procedures.
4. Verify patch application.

🔧 Temporary Workarounds

Network Segmentation

all

Restrict network access to Data Domain systems to only authorized backup servers and management interfaces

Privilege Reduction

all

Minimize low-privileged user accounts and implement least privilege access controls

🧯 If You Can't Patch

  • Implement strict network access controls and firewall rules to limit remote access
  • Monitor system logs for unusual command execution patterns and implement enhanced logging

🔍 How to Verify

Check if Vulnerable:

Check the DD OS version using the 'version' command and compare it against the affected version ranges

Check Version:

version

Verify Fix Applied:

Verify version after patching and check Dell advisory for specific patch verification steps
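The range comparison described under "Check if Vulnerable", as an added example (not Dell tooling and not part of the advisory). It assumes the version is supplied as a four-part string such as 7.13.1.30, and that a build whose first three components match an LTS train is judged only against that train's range; the sample inputs are constructed.

```python
# Added example: classify a DD OS version string against the affected
# ranges listed on this page for CVE-2025-43905.
import re

# (train label, first affected, last affected), exactly as listed on the page.
LTS_RANGES = [
    ("LTS2025", (8, 3, 1, 0), (8, 3, 1, 0)),
    ("LTS2024", (7, 13, 1, 0), (7, 13, 1, 30)),
    ("LTS2023", (7, 10, 1, 0), (7, 10, 1, 60)),
]
FEATURE_RANGE = ("Feature Release", (7, 7, 1, 0), (8, 3, 0, 15))


def parse_version(text):
    """Extract the first a.b.c.d version from text (e.g. pasted CLI output)."""
    m = re.search(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)\.(\d+)(?!\.?\d)", text)
    if not m:
        raise ValueError(f"no four-part DD OS version found in {text!r}")
    return tuple(int(g) for g in m.groups())


def classify(text):
    """Return (affected, range_label) for a version string."""
    v = parse_version(text)
    # Assumption: a build whose first three components match an LTS train
    # belongs to that train and is judged only by that train's range.
    # Without this, an LTS build outside its listed range (constructed
    # example: 7.10.1.61) would fall inside the numerically wider
    # Feature Release range and be misreported as affected.
    for train, low, high in LTS_RANGES:
        if v[:3] == low[:3]:
            return (low <= v <= high, train)
    train, low, high = FEATURE_RANGE
    return (low <= v <= high, train)


if __name__ == "__main__":
    # Constructed sample inputs, not real inventory data.
    for sample in ["7.13.1.30", "7.10.1.61", "8.3.0.15", "8.3.1.0", "7.6.0.5"]:
        affected, train = classify(sample)
        status = "AFFECTED" if affected else "not in listed range"
        print(f"{sample:12} {train:16} {status}")
```

A result of "not in listed range" only means the version is outside the ranges on this page; confirm the fixed release against DSA-2025-333.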

📡 Detection & Monitoring

Log Indicators:

  • Unusual command execution patterns
  • Failed authentication attempts followed by command execution
  • System instability or crash logs

Network Indicators:

  • Unusual network traffic to Data Domain management interfaces
  • Multiple failed login attempts from single source

SIEM Query:

source="data_domain" AND (event_type="command_execution" OR event_type="system_crash")
