CVE-2025-43911 – This CVE describes an OS command injection vuln... (How to Fix)

Q: What is the severity of CVE-2025-43911?

CVE-2025-43911 has a CVSS score of 6.7 (MEDIUM). This CVE describes an OS command injection vulnerability in Dell PowerProtect Data Domain systems running affected DD OS versions. A high-privileged attacker with local access can execute arbitrary commands, potentially escalating to root privileges. Organizations using Dell PowerProtect Data Domain with the specified DD OS versions are affected.

📋 TL;DR

This CVE describes an OS command injection vulnerability in Dell PowerProtect Data Domain systems running affected DD OS versions. A high-privileged attacker with local access can execute arbitrary commands, potentially escalating to root privileges. Organizations using Dell PowerProtect Data Domain with the specified DD OS versions are affected.

💻 Affected Systems

Products:

Dell PowerProtect Data Domain

Versions: DD OS Feature Release 7.7.1.0 through 8.3.0.15, LTS2025 8.3.1.0, LTS2024 7.13.1.0 through 7.13.1.30, LTS2023 7.10.1.0 through 7.10.1.60

Operating Systems: Data Domain Operating System (DD OS)

Default Config Vulnerable: ⚠️ Yes

Notes: Requires high-privileged local access to exploit. All default configurations of affected versions are vulnerable.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

An attacker with high local privileges gains full root access to the Data Domain system, allowing complete system compromise, data exfiltration, and lateral movement within the backup infrastructure.

🟠

Likely Case

A malicious insider or compromised high-privileged account executes arbitrary commands to escalate privileges, potentially disrupting backup operations or accessing sensitive backup data.

🟢

If Mitigated

With proper access controls and network segmentation, the impact is limited to the local Data Domain system, preventing lateral movement and containing the breach.

🌐 Internet-Facing: LOW

🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires high-privileged local access, making it more likely to be exploited by insiders or attackers who have already compromised a privileged account.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Apply patches as specified in DSA-2025-333 advisory

Vendor Advisory: https://www.dell.com/support/kbdoc/en-us/000376224/dsa-2025-333-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities

Restart Required: No

Instructions:

1. Review DSA-2025-333 advisory. 2. Download appropriate patches from Dell Support. 3. Apply patches following Dell's deployment procedures. 4. Verify patch installation.

🔧 Temporary Workarounds

Restrict Local Access

all

Limit local access to Data Domain systems to only authorized administrators using least privilege principles.

🧯 If You Can't Patch

Implement strict access controls to limit local administrative access to essential personnel only
Segment Data Domain systems on isolated network segments to prevent lateral movement

🔍 How to Verify

Check if Vulnerable:

Check DD OS version using 'version' command in Data Domain CLI and compare against affected version ranges

Check Version:

version

Verify Fix Applied:

Verify patch installation by checking version after applying Dell's security updates

📡 Detection & Monitoring

Log Indicators:

Unusual command execution patterns in system logs
Privilege escalation attempts
Unauthorized administrative activity

Network Indicators:

Unexpected outbound connections from Data Domain systems
Anomalous network traffic patterns

SIEM Query:

source="Data Domain" AND (event_type="command_execution" OR user="root") AND command="*"

📊 Metadata

CVE ID: CVE-2025-43911

CVSS v3 Score: 6.7 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-78

EPSS Score: 0.04% exploit probability (9.7th percentile)

Published: October 7, 2025

Last Updated: October 14, 2025

🔗 References

https://www.dell.com/support/kbdoc/en-us/000376224/dsa-2025-333-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-43911, you might also want to check these:

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Data Domain Operating System by Dell

Data Domain Operating System by Dell

Data Domain Operating System by Dell

Data Domain Operating System by Dell

⚠️ Risk & Real-World Impact

Worst Case

Likely Case

If Mitigated

🎯 Exploit Status

🛠️ Fix & Mitigation

✅ Official Fix

Instructions:

🔧 Temporary Workarounds

Restrict Local Access

🧯 If You Can't Patch

🔍 How to Verify

Check if Vulnerable:

Check Version:

Verify Fix Applied:

📡 Detection & Monitoring

Log Indicators:

Network Indicators:

SIEM Query:

📊 Metadata

🔗 References

📤 Share & Export

🔗 Related Vulnerabilities