CVE-2025-43912

5.3 MEDIUM

📋 TL;DR

A heap-based buffer overflow vulnerability in Dell PowerProtect Data Domain with DD OS allows unauthenticated remote attackers to cause denial of service. This affects multiple Dell Data Domain Operating System versions across different release tracks. Organizations using affected versions should patch immediately.

💻 Affected Systems

Products:
  • Dell PowerProtect Data Domain
Versions: DD OS Feature Release 7.7.1.0 through 8.3.0.15, LTS2025 8.3.1.0, LTS2024 7.13.1.0 through 7.13.1.30, LTS2023 7.10.1.0 through 7.10.1.60
Operating Systems: Data Domain Operating System (DD OS)
Default Config Vulnerable: ⚠️ Yes
Notes: All configurations running affected DD OS versions are vulnerable

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete system crash and data unavailability due to successful DoS exploitation

🟠 Likely Case: Service disruption and potential data protection system downtime

🟢 If Mitigated: Minimal impact if systems are patched and network access is restricted

🌐 Internet-Facing: HIGH - Unauthenticated remote access makes internet-facing systems particularly vulnerable
🏢 Internal Only: MEDIUM - Internal attackers could still exploit, but requires network access

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

No authentication required, but heap exploitation requires specific conditions

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Dell advisory for specific fixed versions

Vendor Advisory: https://www.dell.com/support/kbdoc/en-us/000376224/dsa-2025-333-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities

Restart Required: No

Instructions:

1. Review Dell advisory DSA-2025-333.
2. Download the appropriate DD OS update.
3. Apply the update following Dell's Data Domain upgrade procedures.
4. Verify system functionality post-update.

🔧 Temporary Workarounds

Network Segmentation

all

Restrict network access to Data Domain systems to only trusted management networks

🧯 If You Can't Patch

  • Implement strict network access controls and firewall rules
  • Monitor systems for unusual traffic patterns and crash events

🔍 How to Verify

Check if Vulnerable:

Check the DD OS version with the 'version' command in the Data Domain CLI and compare it against the affected ranges listed under Affected Systems

Check Version:

version

Verify Fix Applied:

Verify that the DD OS version is outside the affected ranges listed above and matches a fixed version named in DSA-2025-333
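The version comparison described above, as an added helper that is not part of this page or of any Dell tooling: it parses the first dotted version number out of 'version' command output and reports which of the affected ranges listed under Affected Systems contain it. Fixed versions are not listed on this page, so a version outside every range is reported only as "not listed", not as fixed; the sample output lines are constructed.

```python
"""Compare a DD OS version string against the affected ranges listed on this page."""
import re

# Affected ranges as listed above (inclusive). The ranges overlap numerically
# (e.g. 7.13.1.x lies inside the Feature Release range too), so every matching
# range is reported; the deployed track is the one that applies to your system.
AFFECTED_RANGES = {
    "Feature Release": ("7.7.1.0", "8.3.0.15"),
    "LTS2025": ("8.3.1.0", "8.3.1.0"),
    "LTS2024": ("7.13.1.0", "7.13.1.30"),
    "LTS2023": ("7.10.1.0", "7.10.1.60"),
}


def parse_version(text):
    """Return the first dotted numeric version in text as a 4-tuple of ints.

    Trailing build suffixes such as '-1234567' are ignored; short versions
    are right-padded with zeros so that '7.13' compares as 7.13.0.0.
    """
    match = re.search(r"\b(\d+(?:\.\d+){1,3})\b", text)
    if not match:
        raise ValueError(f"no version number found in: {text!r}")
    parts = [int(p) for p in match.group(1).split(".")]
    return tuple(parts + [0] * (4 - len(parts)))


def affected_tracks(version_text):
    """Names of the listed ranges that contain the given version (may be empty)."""
    version = parse_version(version_text)
    return [name for name, (lo, hi) in AFFECTED_RANGES.items()
            if parse_version(lo) <= version <= parse_version(hi)]


def assess(version_text):
    """Human-readable verdict for one 'version' output line."""
    tracks = affected_tracks(version_text)
    if tracks:
        return f"AFFECTED ({', '.join(tracks)}): apply the DSA-2025-333 update"
    return "not in a listed affected range: confirm the fixed version against DSA-2025-333"


if __name__ == "__main__":
    # Constructed sample lines standing in for 'version' output (not real captures).
    for line in ["Data Domain OS 7.13.1.20-1234567", "Data Domain OS 8.3.0.16", "DD OS 7.7.0.5"]:
        print(line, "->", assess(line))
```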

📡 Detection & Monitoring

Log Indicators:

  • System crash logs
  • Unexpected process termination
  • Memory allocation errors

Network Indicators:

  • Unusual traffic patterns to Data Domain management ports
  • Connection attempts from unexpected sources

SIEM Query:

source="data_domain" AND (event="crash" OR event="memory_error" OR event="buffer_overflow")
