Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-43914 (GCVE-0-2025-43914)
Vulnerability from cvelistv5 – Published: 2025-10-07 17:43 – Updated: 2026-02-26 17:48
VLAI
EPSS
Summary
Dell PowerProtect Data Domain BoostFS for Linux Ubuntu systems of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2025 release version 8.3.1.0, LTS2024 release versions 7.13.1.0 through 7.13.1.30, LTS 2023 release versions 7.10.1.0 through 7.10.1.60, contain an Incorrect Privilege Assignment vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Unauthorized access.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-266 - Incorrect Privilege Assignment
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.dell.com/support/kbdoc/en-us/00037622… | vendor-advisory |
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| Dell | PowerProtect Data Domain BoostFS for Linux Ubuntu Feature Release |
Affected:
7.7.1.0 , < 8.4.0.0
(semver)
|
|
| Dell | PowerProtect Data Domain BoostFS for Linux Ubuntu LTS2025 |
Affected:
8.3.1.0 , < 8.3.1.10
(semver)
|
|
| Dell | PowerProtect Data Domain BoostFS for Linux Ubuntu LTS2024 |
Affected:
7.13.1.0 , < 7.13.1.40
(semver)
|
|
| Dell | PowerProtect Data Domain BoostFS for Linux Ubuntu LTS2023 |
Affected:
7.10.1.0 , < 7.10.1.70
(semver)
|
Date Public
2025-10-01 17:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-43914",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-08T03:55:18.919586Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T17:48:15.108Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "PowerProtect Data Domain BoostFS for Linux Ubuntu Feature Release",
"vendor": "Dell",
"versions": [
{
"lessThan": "8.4.0.0",
"status": "affected",
"version": "7.7.1.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerProtect Data Domain BoostFS for Linux Ubuntu LTS2025",
"vendor": "Dell",
"versions": [
{
"lessThan": "8.3.1.10",
"status": "affected",
"version": "8.3.1.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerProtect Data Domain BoostFS for Linux Ubuntu LTS2024",
"vendor": "Dell",
"versions": [
{
"lessThan": "7.13.1.40",
"status": "affected",
"version": "7.13.1.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerProtect Data Domain BoostFS for Linux Ubuntu LTS2023",
"vendor": "Dell",
"versions": [
{
"lessThan": "7.10.1.70",
"status": "affected",
"version": "7.10.1.0",
"versionType": "semver"
}
]
}
],
"datePublic": "2025-10-01T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Dell PowerProtect Data Domain BoostFS for Linux Ubuntu systems of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2025 release version 8.3.1.0, LTS2024 release versions 7.13.1.0 through 7.13.1.30, LTS 2023 release versions 7.10.1.0 through 7.10.1.60, contain an Incorrect Privilege Assignment vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Unauthorized access."
}
],
"value": "Dell PowerProtect Data Domain BoostFS for Linux Ubuntu systems of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2025 release version 8.3.1.0, LTS2024 release versions 7.13.1.0 through 7.13.1.30, LTS 2023 release versions 7.10.1.0 through 7.10.1.60, contain an Incorrect Privilege Assignment vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Unauthorized access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "CWE-266: Incorrect Privilege Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-07T17:43:48.551Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000376224/dsa-2025-333-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2025-43914",
"datePublished": "2025-10-07T17:43:48.551Z",
"dateReserved": "2025-04-19T05:03:41.170Z",
"dateUpdated": "2026-02-26T17:48:15.108Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2025-43914",
"date": "2026-06-19",
"epss": "0.00093",
"percentile": "0.00727"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2025-43914\",\"sourceIdentifier\":\"security_alert@emc.com\",\"published\":\"2025-10-07T18:16:00.000\",\"lastModified\":\"2026-02-12T17:14:05.740\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Dell PowerProtect Data Domain BoostFS for Linux Ubuntu systems of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2025 release version 8.3.1.0, LTS2024 release versions 7.13.1.0 through 7.13.1.30, LTS 2023 release versions 7.10.1.0 through 7.10.1.60, contain an Incorrect Privilege Assignment vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Unauthorized access.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security_alert@emc.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":0.8,\"impactScore\":6.0},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"security_alert@emc.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-266\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.7.1.0\",\"versionEndExcluding\":\"7.10.1.70\",\"matchCriteriaId\":\"7FCE50EA-F2B8-4455-A489-1947B0CBFEEA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.13.1.0\",\"versionEndIncluding\":\"7.13.1.40\",\"matchCriteriaId\":\"B451DCE2-896E-4DFC-AA2B-CA1B0C257BAD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.0.0.0\",\"versionEndIncluding\":\"8.3.0.15\",\"matchCriteriaId\":\"303AC151-B605-4F51-B001-197787B6B54E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.3.1.0\",\"versionEndExcluding\":\"8.3.1.10\",\"matchCriteriaId\":\"9E0743E3-14E7-4FF9-88C5-E038D62F2344\"}]}]}],\"references\":[{\"url\":\"https://www.dell.com/support/kbdoc/en-us/000376224/dsa-2025-333-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities\",\"source\":\"security_alert@emc.com\",\"tags\":[\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-43914\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-10-08T03:55:18.919586Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-10-07T18:31:29.468Z\"}}], \"cna\": {\"source\": {\"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Dell\", \"product\": \"PowerProtect Data Domain BoostFS for Linux Ubuntu Feature Release\", \"versions\": [{\"status\": \"affected\", \"version\": \"7.7.1.0\", \"lessThan\": \"8.4.0.0\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Dell\", \"product\": \"PowerProtect Data Domain BoostFS for Linux Ubuntu LTS2025\", \"versions\": [{\"status\": \"affected\", \"version\": \"8.3.1.0\", \"lessThan\": \"8.3.1.10\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Dell\", \"product\": \"PowerProtect Data Domain BoostFS for Linux Ubuntu LTS2024\", \"versions\": [{\"status\": \"affected\", \"version\": \"7.13.1.0\", \"lessThan\": \"7.13.1.40\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Dell\", \"product\": \"PowerProtect Data Domain BoostFS for Linux Ubuntu LTS2023\", \"versions\": [{\"status\": \"affected\", \"version\": \"7.10.1.0\", \"lessThan\": \"7.10.1.70\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}], \"datePublic\": \"2025-10-01T17:00:00.000Z\", \"references\": [{\"url\": \"https://www.dell.com/support/kbdoc/en-us/000376224/dsa-2025-333-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities\", \"tags\": [\"vendor-advisory\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Dell PowerProtect Data Domain BoostFS for Linux Ubuntu systems of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2025 release version 8.3.1.0, LTS2024 release versions 7.13.1.0 through 7.13.1.30, LTS 2023 release versions 7.10.1.0 through 7.10.1.60, contain an Incorrect Privilege Assignment vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Unauthorized access.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Dell PowerProtect Data Domain BoostFS for Linux Ubuntu systems of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2025 release version 8.3.1.0, LTS2024 release versions 7.13.1.0 through 7.13.1.30, LTS 2023 release versions 7.10.1.0 through 7.10.1.60, contain an Incorrect Privilege Assignment vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Unauthorized access.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-266\", \"description\": \"CWE-266: Incorrect Privilege Assignment\"}]}], \"providerMetadata\": {\"orgId\": \"c550e75a-17ff-4988-97f0-544cde3820fe\", \"shortName\": \"dell\", \"dateUpdated\": \"2025-10-07T17:43:48.551Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-43914\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-02-26T17:48:15.108Z\", \"dateReserved\": \"2025-04-19T05:03:41.170Z\", \"assignerOrgId\": \"c550e75a-17ff-4988-97f0-544cde3820fe\", \"datePublished\": \"2025-10-07T17:43:48.551Z\", \"assignerShortName\": \"dell\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
Title
Уязвимость программного обеспечения централизованного управления системами хранения данных PowerProtect Data Domain Management Center операционных систем Dell EMC Data Domain Operating System (DD OS), связанная с некорректным присваиванием привилегий, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
Description
Уязвимость программного обеспечения централизованного управления системами хранения данных PowerProtect Data Domain Management Center операционных систем Dell EMC Data Domain Operating System (DD OS) связана с некорректным присваиванием привилегий. Эксплуатация уязвимости может позволить нарушителю получить несанкционированный доступ к защищаемой информации
Severity
Vendor
Dell Technologies
Software Name
Data Domain Operating System, PowerProtect Data Domain
Software Version
8.4 (Data Domain Operating System), 8.3.1 (Data Domain Operating System), 7.13.1 (Data Domain Operating System), 7.10.1 (Data Domain Operating System), от 7.7.1.0 до 8.3.0.15 включительно (PowerProtect Data Domain), 8.3.1.0 (PowerProtect Data Domain), от 7.13.1.0 до 7.13.1.30 включительно (PowerProtect Data Domain), от 7.10.1.0 до 7.10.1.60 включительно (PowerProtect Data Domain)
Possible Mitigations
Использование рекомендаций производителя:
https://www.dell.com/support/kbdoc/en-us/000376224/dsa-2025-333-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities
Reference
https://www.dell.com/support/kbdoc/en-us/000376224/dsa-2025-333-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities
CWE
CWE-266
{
"CVSS 2.0": "AV:L/AC:H/Au:S/C:C/I:C/A:C",
"CVSS 3.0": "AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Dell Technologies",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "8.4 (Data Domain Operating System), 8.3.1 (Data Domain Operating System), 7.13.1 (Data Domain Operating System), 7.10.1 (Data Domain Operating System), \u043e\u0442 7.7.1.0 \u0434\u043e 8.3.0.15 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (PowerProtect Data Domain), 8.3.1.0 (PowerProtect Data Domain), \u043e\u0442 7.13.1.0 \u0434\u043e 7.13.1.30 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (PowerProtect Data Domain), \u043e\u0442 7.10.1.0 \u0434\u043e 7.10.1.60 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (PowerProtect Data Domain)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f:\nhttps://www.dell.com/support/kbdoc/en-us/000376224/dsa-2025-333-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "07.10.2025",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "14.10.2025",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "14.10.2025",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2025-12860",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2025-43914",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Data Domain Operating System, PowerProtect Data Domain",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Dell Technologies Data Domain Operating System 8.4 , Dell Technologies Data Domain Operating System 8.3.1 , Dell Technologies Data Domain Operating System 7.13.1 , Dell Technologies Data Domain Operating System 7.10.1 ",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0446\u0435\u043d\u0442\u0440\u0430\u043b\u0438\u0437\u043e\u0432\u0430\u043d\u043d\u043e\u0433\u043e \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430\u043c\u0438 \u0445\u0440\u0430\u043d\u0435\u043d\u0438\u044f \u0434\u0430\u043d\u043d\u044b\u0445 PowerProtect Data Domain Management Center \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c Dell EMC Data Domain Operating System (DD OS), \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043d\u0435\u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u044b\u043c \u043f\u0440\u0438\u0441\u0432\u0430\u0438\u0432\u0430\u043d\u0438\u0435\u043c \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u043e\u0435 \u043f\u0440\u0438\u0441\u0432\u0430\u0438\u0432\u0430\u043d\u0438\u0435 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439 (CWE-266)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0446\u0435\u043d\u0442\u0440\u0430\u043b\u0438\u0437\u043e\u0432\u0430\u043d\u043d\u043e\u0433\u043e \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430\u043c\u0438 \u0445\u0440\u0430\u043d\u0435\u043d\u0438\u044f \u0434\u0430\u043d\u043d\u044b\u0445 PowerProtect Data Domain Management Center \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c Dell EMC Data Domain Operating System (DD OS) \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u044b\u043c \u043f\u0440\u0438\u0441\u0432\u0430\u0438\u0432\u0430\u043d\u0438\u0435\u043c \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041d\u0430\u0440\u0443\u0448\u0435\u043d\u0438\u0435 \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u0438",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://www.dell.com/support/kbdoc/en-us/000376224/dsa-2025-333-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-266",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.1 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,5)"
}
FKIE_CVE-2025-43914
Vulnerability from fkie_nvd - Published: 2025-10-07 18:16 - Updated: 2026-06-17 09:24
Severity
7.5 (High) - CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Dell PowerProtect Data Domain BoostFS for Linux Ubuntu systems of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2025 release version 8.3.1.0, LTS2024 release versions 7.13.1.0 through 7.13.1.30, LTS 2023 release versions 7.10.1.0 through 7.10.1.60, contain an Incorrect Privilege Assignment vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Unauthorized access.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dell | data_domain_operating_system | * | |
| dell | data_domain_operating_system | * | |
| dell | data_domain_operating_system | * | |
| dell | data_domain_operating_system | * |
{
"affected": [
{
"affectedData": [
{
"defaultStatus": "unaffected",
"product": "PowerProtect Data Domain BoostFS for Linux Ubuntu Feature Release",
"vendor": "Dell",
"versions": [
{
"lessThan": "8.4.0.0",
"status": "affected",
"version": "7.7.1.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerProtect Data Domain BoostFS for Linux Ubuntu LTS2025",
"vendor": "Dell",
"versions": [
{
"lessThan": "8.3.1.10",
"status": "affected",
"version": "8.3.1.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerProtect Data Domain BoostFS for Linux Ubuntu LTS2024",
"vendor": "Dell",
"versions": [
{
"lessThan": "7.13.1.40",
"status": "affected",
"version": "7.13.1.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerProtect Data Domain BoostFS for Linux Ubuntu LTS2023",
"vendor": "Dell",
"versions": [
{
"lessThan": "7.10.1.70",
"status": "affected",
"version": "7.10.1.0",
"versionType": "semver"
}
]
}
],
"source": "security_alert@emc.com"
}
],
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7FCE50EA-F2B8-4455-A489-1947B0CBFEEA",
"versionEndExcluding": "7.10.1.70",
"versionStartIncluding": "7.7.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B451DCE2-896E-4DFC-AA2B-CA1B0C257BAD",
"versionEndIncluding": "7.13.1.40",
"versionStartIncluding": "7.13.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "303AC151-B605-4F51-B001-197787B6B54E",
"versionEndIncluding": "8.3.0.15",
"versionStartIncluding": "8.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9E0743E3-14E7-4FF9-88C5-E038D62F2344",
"versionEndExcluding": "8.3.1.10",
"versionStartIncluding": "8.3.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Dell PowerProtect Data Domain BoostFS for Linux Ubuntu systems of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2025 release version 8.3.1.0, LTS2024 release versions 7.13.1.0 through 7.13.1.30, LTS 2023 release versions 7.10.1.0 through 7.10.1.60, contain an Incorrect Privilege Assignment vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Unauthorized access."
}
],
"id": "CVE-2025-43914",
"lastModified": "2026-06-17T09:24:43.913",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 6.0,
"source": "security_alert@emc.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"ssvcV203": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"ssvcData": {
"id": "CVE-2025-43914",
"options": [
{
"exploitation": "none"
},
{
"automatable": "no"
},
{
"technicalImpact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-08T03:55:18.919586Z",
"version": "2.0.3"
}
}
]
},
"published": "2025-10-07T18:16:00.000",
"references": [
{
"source": "security_alert@emc.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000376224/dsa-2025-333-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-266"
}
],
"source": "security_alert@emc.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-9CC8-CJGW-8QWX
Vulnerability from github – Published: 2025-10-07 18:31 – Updated: 2025-10-07 18:31
VLAI
Details
Dell PowerProtect Data Domain BoostFS for Linux Ubuntu systems of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2025 release version 8.3.1.0, LTS2024 release versions 7.13.1.0 through 7.13.1.30, LTS 2023 release versions 7.10.1.0 through 7.10.1.60, contain an Incorrect Privilege Assignment vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Unauthorized access.
Severity
7.5 (High)
{
"affected": [],
"aliases": [
"CVE-2025-43914"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-07T18:16:00Z",
"severity": "HIGH"
},
"details": "Dell PowerProtect Data Domain BoostFS for Linux Ubuntu systems of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2025 release version 8.3.1.0, LTS2024 release versions 7.13.1.0 through 7.13.1.30, LTS 2023 release versions 7.10.1.0 through 7.10.1.60, contain an Incorrect Privilege Assignment vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Unauthorized access.",
"id": "GHSA-9cc8-cjgw-8qwx",
"modified": "2025-10-07T18:31:11Z",
"published": "2025-10-07T18:31:11Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-43914"
},
{
"type": "WEB",
"url": "https://www.dell.com/support/kbdoc/en-us/000376224/dsa-2025-333-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
WID-SEC-W-2025-2185
Vulnerability from csaf_certbund - Published: 2025-10-01 22:00 - Updated: 2025-10-07 22:00Summary
Dell PowerProtect Data Domain mit DD OS: Mehrere Schwachstellen
Severity
Mittel
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Dell PowerProtect Data Domain Operating System (DD OS) ist das Betriebssystem für die PowerProtect Data Domain Appliances von Dell.
Dell PowerProtect Data Domain Appliances sind speziell für Backup und Daten-Deduplizierung ausgelegte Systeme.
Angriff: Ein Angreifer kann mehrere Schwachstellen in Dell PowerProtect Data Domain OS und Dell PowerProtect Data Domain ausnutzen, um beliebigen Code auszuführen – sogar mit Root-Rechten –, Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuführen, erweiterte Rechte zu erlangen, vertrauliche Informationen offenzulegen, Phishing-Angriffe zu starten und andere nicht näher spezifizierte Angriffe durchzuführen.
Betroffene Betriebssysteme: - Sonstiges
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell PowerProtect Data Domain OS <8.3.1.10
Dell / PowerProtect Data Domain OS
|
<8.3.1.10 | ||
|
Dell PowerProtect Data Domain OS <8.5.0.0
Dell / PowerProtect Data Domain OS
|
<8.5.0.0 | ||
|
Dell PowerProtect Data Domain OS <8.4.0.0
Dell / PowerProtect Data Domain OS
|
<8.4.0.0 | ||
|
Dell PowerProtect Data Domain
Dell
|
cpe:/a:dell:powerprotect_data_domain:-
|
— | |
|
Dell PowerProtect Data Domain OS <7.13.1.40
Dell / PowerProtect Data Domain OS
|
<7.13.1.40 | ||
|
Dell PowerProtect Data Domain OS <7.10.1.70
Dell / PowerProtect Data Domain OS
|
<7.10.1.70 |
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell PowerProtect Data Domain OS <8.3.1.10
Dell / PowerProtect Data Domain OS
|
<8.3.1.10 | ||
|
Dell PowerProtect Data Domain OS <8.5.0.0
Dell / PowerProtect Data Domain OS
|
<8.5.0.0 | ||
|
Dell PowerProtect Data Domain OS <8.4.0.0
Dell / PowerProtect Data Domain OS
|
<8.4.0.0 | ||
|
Dell PowerProtect Data Domain
Dell
|
cpe:/a:dell:powerprotect_data_domain:-
|
— | |
|
Dell PowerProtect Data Domain OS <7.13.1.40
Dell / PowerProtect Data Domain OS
|
<7.13.1.40 | ||
|
Dell PowerProtect Data Domain OS <7.10.1.70
Dell / PowerProtect Data Domain OS
|
<7.10.1.70 |
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell PowerProtect Data Domain OS <8.3.1.10
Dell / PowerProtect Data Domain OS
|
<8.3.1.10 | ||
|
Dell PowerProtect Data Domain OS <8.5.0.0
Dell / PowerProtect Data Domain OS
|
<8.5.0.0 | ||
|
Dell PowerProtect Data Domain OS <8.4.0.0
Dell / PowerProtect Data Domain OS
|
<8.4.0.0 | ||
|
Dell PowerProtect Data Domain
Dell
|
cpe:/a:dell:powerprotect_data_domain:-
|
— | |
|
Dell PowerProtect Data Domain OS <7.13.1.40
Dell / PowerProtect Data Domain OS
|
<7.13.1.40 | ||
|
Dell PowerProtect Data Domain OS <7.10.1.70
Dell / PowerProtect Data Domain OS
|
<7.10.1.70 |
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell PowerProtect Data Domain OS <8.3.1.10
Dell / PowerProtect Data Domain OS
|
<8.3.1.10 | ||
|
Dell PowerProtect Data Domain OS <8.5.0.0
Dell / PowerProtect Data Domain OS
|
<8.5.0.0 | ||
|
Dell PowerProtect Data Domain OS <8.4.0.0
Dell / PowerProtect Data Domain OS
|
<8.4.0.0 | ||
|
Dell PowerProtect Data Domain
Dell
|
cpe:/a:dell:powerprotect_data_domain:-
|
— | |
|
Dell PowerProtect Data Domain OS <7.13.1.40
Dell / PowerProtect Data Domain OS
|
<7.13.1.40 | ||
|
Dell PowerProtect Data Domain OS <7.10.1.70
Dell / PowerProtect Data Domain OS
|
<7.10.1.70 |
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell PowerProtect Data Domain OS <8.3.1.10
Dell / PowerProtect Data Domain OS
|
<8.3.1.10 | ||
|
Dell PowerProtect Data Domain OS <8.5.0.0
Dell / PowerProtect Data Domain OS
|
<8.5.0.0 | ||
|
Dell PowerProtect Data Domain OS <8.4.0.0
Dell / PowerProtect Data Domain OS
|
<8.4.0.0 | ||
|
Dell PowerProtect Data Domain
Dell
|
cpe:/a:dell:powerprotect_data_domain:-
|
— | |
|
Dell PowerProtect Data Domain OS <7.13.1.40
Dell / PowerProtect Data Domain OS
|
<7.13.1.40 | ||
|
Dell PowerProtect Data Domain OS <7.10.1.70
Dell / PowerProtect Data Domain OS
|
<7.10.1.70 |
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell PowerProtect Data Domain OS <8.3.1.10
Dell / PowerProtect Data Domain OS
|
<8.3.1.10 | ||
|
Dell PowerProtect Data Domain OS <8.5.0.0
Dell / PowerProtect Data Domain OS
|
<8.5.0.0 | ||
|
Dell PowerProtect Data Domain OS <8.4.0.0
Dell / PowerProtect Data Domain OS
|
<8.4.0.0 | ||
|
Dell PowerProtect Data Domain
Dell
|
cpe:/a:dell:powerprotect_data_domain:-
|
— | |
|
Dell PowerProtect Data Domain OS <7.13.1.40
Dell / PowerProtect Data Domain OS
|
<7.13.1.40 | ||
|
Dell PowerProtect Data Domain OS <7.10.1.70
Dell / PowerProtect Data Domain OS
|
<7.10.1.70 |
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell PowerProtect Data Domain OS <8.3.1.10
Dell / PowerProtect Data Domain OS
|
<8.3.1.10 | ||
|
Dell PowerProtect Data Domain OS <8.5.0.0
Dell / PowerProtect Data Domain OS
|
<8.5.0.0 | ||
|
Dell PowerProtect Data Domain OS <8.4.0.0
Dell / PowerProtect Data Domain OS
|
<8.4.0.0 | ||
|
Dell PowerProtect Data Domain
Dell
|
cpe:/a:dell:powerprotect_data_domain:-
|
— | |
|
Dell PowerProtect Data Domain OS <7.13.1.40
Dell / PowerProtect Data Domain OS
|
<7.13.1.40 | ||
|
Dell PowerProtect Data Domain OS <7.10.1.70
Dell / PowerProtect Data Domain OS
|
<7.10.1.70 |
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell PowerProtect Data Domain OS <8.3.1.10
Dell / PowerProtect Data Domain OS
|
<8.3.1.10 | ||
|
Dell PowerProtect Data Domain OS <8.5.0.0
Dell / PowerProtect Data Domain OS
|
<8.5.0.0 | ||
|
Dell PowerProtect Data Domain OS <8.4.0.0
Dell / PowerProtect Data Domain OS
|
<8.4.0.0 | ||
|
Dell PowerProtect Data Domain
Dell
|
cpe:/a:dell:powerprotect_data_domain:-
|
— | |
|
Dell PowerProtect Data Domain OS <7.13.1.40
Dell / PowerProtect Data Domain OS
|
<7.13.1.40 | ||
|
Dell PowerProtect Data Domain OS <7.10.1.70
Dell / PowerProtect Data Domain OS
|
<7.10.1.70 |
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell PowerProtect Data Domain OS <8.3.1.10
Dell / PowerProtect Data Domain OS
|
<8.3.1.10 | ||
|
Dell PowerProtect Data Domain OS <8.5.0.0
Dell / PowerProtect Data Domain OS
|
<8.5.0.0 | ||
|
Dell PowerProtect Data Domain OS <8.4.0.0
Dell / PowerProtect Data Domain OS
|
<8.4.0.0 | ||
|
Dell PowerProtect Data Domain
Dell
|
cpe:/a:dell:powerprotect_data_domain:-
|
— | |
|
Dell PowerProtect Data Domain OS <7.13.1.40
Dell / PowerProtect Data Domain OS
|
<7.13.1.40 | ||
|
Dell PowerProtect Data Domain OS <7.10.1.70
Dell / PowerProtect Data Domain OS
|
<7.10.1.70 |
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell PowerProtect Data Domain OS <8.3.1.10
Dell / PowerProtect Data Domain OS
|
<8.3.1.10 | ||
|
Dell PowerProtect Data Domain OS <8.5.0.0
Dell / PowerProtect Data Domain OS
|
<8.5.0.0 | ||
|
Dell PowerProtect Data Domain OS <8.4.0.0
Dell / PowerProtect Data Domain OS
|
<8.4.0.0 | ||
|
Dell PowerProtect Data Domain
Dell
|
cpe:/a:dell:powerprotect_data_domain:-
|
— | |
|
Dell PowerProtect Data Domain OS <7.13.1.40
Dell / PowerProtect Data Domain OS
|
<7.13.1.40 | ||
|
Dell PowerProtect Data Domain OS <7.10.1.70
Dell / PowerProtect Data Domain OS
|
<7.10.1.70 |
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell PowerProtect Data Domain OS <8.3.1.10
Dell / PowerProtect Data Domain OS
|
<8.3.1.10 | ||
|
Dell PowerProtect Data Domain OS <8.5.0.0
Dell / PowerProtect Data Domain OS
|
<8.5.0.0 | ||
|
Dell PowerProtect Data Domain OS <8.4.0.0
Dell / PowerProtect Data Domain OS
|
<8.4.0.0 | ||
|
Dell PowerProtect Data Domain
Dell
|
cpe:/a:dell:powerprotect_data_domain:-
|
— | |
|
Dell PowerProtect Data Domain OS <7.13.1.40
Dell / PowerProtect Data Domain OS
|
<7.13.1.40 | ||
|
Dell PowerProtect Data Domain OS <7.10.1.70
Dell / PowerProtect Data Domain OS
|
<7.10.1.70 |
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell PowerProtect Data Domain OS <8.3.1.10
Dell / PowerProtect Data Domain OS
|
<8.3.1.10 | ||
|
Dell PowerProtect Data Domain OS <8.5.0.0
Dell / PowerProtect Data Domain OS
|
<8.5.0.0 | ||
|
Dell PowerProtect Data Domain OS <8.4.0.0
Dell / PowerProtect Data Domain OS
|
<8.4.0.0 | ||
|
Dell PowerProtect Data Domain
Dell
|
cpe:/a:dell:powerprotect_data_domain:-
|
— | |
|
Dell PowerProtect Data Domain OS <7.13.1.40
Dell / PowerProtect Data Domain OS
|
<7.13.1.40 | ||
|
Dell PowerProtect Data Domain OS <7.10.1.70
Dell / PowerProtect Data Domain OS
|
<7.10.1.70 |
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell PowerProtect Data Domain OS <8.3.1.10
Dell / PowerProtect Data Domain OS
|
<8.3.1.10 | ||
|
Dell PowerProtect Data Domain OS <8.5.0.0
Dell / PowerProtect Data Domain OS
|
<8.5.0.0 | ||
|
Dell PowerProtect Data Domain OS <8.4.0.0
Dell / PowerProtect Data Domain OS
|
<8.4.0.0 | ||
|
Dell PowerProtect Data Domain
Dell
|
cpe:/a:dell:powerprotect_data_domain:-
|
— | |
|
Dell PowerProtect Data Domain OS <7.13.1.40
Dell / PowerProtect Data Domain OS
|
<7.13.1.40 | ||
|
Dell PowerProtect Data Domain OS <7.10.1.70
Dell / PowerProtect Data Domain OS
|
<7.10.1.70 |
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell PowerProtect Data Domain OS <8.3.1.10
Dell / PowerProtect Data Domain OS
|
<8.3.1.10 | ||
|
Dell PowerProtect Data Domain OS <8.5.0.0
Dell / PowerProtect Data Domain OS
|
<8.5.0.0 | ||
|
Dell PowerProtect Data Domain OS <8.4.0.0
Dell / PowerProtect Data Domain OS
|
<8.4.0.0 | ||
|
Dell PowerProtect Data Domain
Dell
|
cpe:/a:dell:powerprotect_data_domain:-
|
— | |
|
Dell PowerProtect Data Domain OS <7.13.1.40
Dell / PowerProtect Data Domain OS
|
<7.13.1.40 | ||
|
Dell PowerProtect Data Domain OS <7.10.1.70
Dell / PowerProtect Data Domain OS
|
<7.10.1.70 |
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell PowerProtect Data Domain OS <8.3.1.10
Dell / PowerProtect Data Domain OS
|
<8.3.1.10 | ||
|
Dell PowerProtect Data Domain OS <8.5.0.0
Dell / PowerProtect Data Domain OS
|
<8.5.0.0 | ||
|
Dell PowerProtect Data Domain OS <8.4.0.0
Dell / PowerProtect Data Domain OS
|
<8.4.0.0 | ||
|
Dell PowerProtect Data Domain
Dell
|
cpe:/a:dell:powerprotect_data_domain:-
|
— | |
|
Dell PowerProtect Data Domain OS <7.13.1.40
Dell / PowerProtect Data Domain OS
|
<7.13.1.40 | ||
|
Dell PowerProtect Data Domain OS <7.10.1.70
Dell / PowerProtect Data Domain OS
|
<7.10.1.70 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell PowerProtect Data Domain OS <8.3.1.10
Dell / PowerProtect Data Domain OS
|
<8.3.1.10 | ||
|
Dell PowerProtect Data Domain OS <8.4.0.0
Dell / PowerProtect Data Domain OS
|
<8.4.0.0 | ||
|
Dell PowerProtect Data Domain
Dell
|
cpe:/a:dell:powerprotect_data_domain:-
|
— |
References
3 references
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Dell PowerProtect Data Domain Operating System (DD OS) ist das Betriebssystem f\u00fcr die PowerProtect Data Domain Appliances von Dell.\r\nDell PowerProtect Data Domain Appliances sind speziell f\u00fcr Backup und Daten-Deduplizierung ausgelegte Systeme.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in Dell PowerProtect Data Domain OS und Dell PowerProtect Data Domain ausnutzen, um beliebigen Code auszuf\u00fchren \u2013 sogar mit Root-Rechten \u2013, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, erweiterte Rechte zu erlangen, vertrauliche Informationen offenzulegen, Phishing-Angriffe zu starten und andere nicht n\u00e4her spezifizierte Angriffe durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Sonstiges",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-2185 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-2185.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-2185 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-2185"
},
{
"category": "external",
"summary": "Dell Security Advisory vom 2025-10-01",
"url": "https://www.dell.com/support/kbdoc/en-us/000376224/dsa-2025-333-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities"
}
],
"source_lang": "en-US",
"title": "Dell PowerProtect Data Domain mit DD OS: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-10-07T22:00:00.000+00:00",
"generator": {
"date": "2025-10-08T07:58:45.757+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.4.0"
}
},
"id": "WID-SEC-W-2025-2185",
"initial_release_date": "2025-10-01T22:00:00.000+00:00",
"revision_history": [
{
"date": "2025-10-01T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2025-10-07T22:00:00.000+00:00",
"number": "2",
"summary": "Referenz(en) aufgenommen: EUVD-2025-32729, EUVD-2025-32911, EUVD-2025-32716, EUVD-2025-32897, EUVD-2025-32896, EUVD-2025-32726, EUVD-2025-32899, EUVD-2025-32900, EUVD-2025-32902, EUVD-2025-32905, EUVD-2025-32907, EUVD-2025-32909, EUVD-2025-32732"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Dell PowerProtect Data Domain",
"product": {
"name": "Dell PowerProtect Data Domain",
"product_id": "T047351",
"product_identification_helper": {
"cpe": "cpe:/a:dell:powerprotect_data_domain:-"
}
}
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c8.5.0.0",
"product": {
"name": "Dell PowerProtect Data Domain OS \u003c8.5.0.0",
"product_id": "T047337"
}
},
{
"category": "product_version",
"name": "8.5.0.0",
"product": {
"name": "Dell PowerProtect Data Domain OS 8.5.0.0",
"product_id": "T047337-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:dell:powerprotect_data_domain_os:8.5.0.0"
}
}
},
{
"category": "product_version_range",
"name": "\u003c8.4.0.0",
"product": {
"name": "Dell PowerProtect Data Domain OS \u003c8.4.0.0",
"product_id": "T047338"
}
},
{
"category": "product_version",
"name": "8.4.0.0",
"product": {
"name": "Dell PowerProtect Data Domain OS 8.4.0.0",
"product_id": "T047338-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:dell:powerprotect_data_domain_os:8.4.0.0"
}
}
},
{
"category": "product_version_range",
"name": "\u003c8.3.1.10",
"product": {
"name": "Dell PowerProtect Data Domain OS \u003c8.3.1.10",
"product_id": "T047339"
}
},
{
"category": "product_version",
"name": "8.3.1.10",
"product": {
"name": "Dell PowerProtect Data Domain OS 8.3.1.10",
"product_id": "T047339-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:dell:powerprotect_data_domain_os:8.3.1.10"
}
}
},
{
"category": "product_version_range",
"name": "\u003c7.13.1.40",
"product": {
"name": "Dell PowerProtect Data Domain OS \u003c7.13.1.40",
"product_id": "T047340"
}
},
{
"category": "product_version",
"name": "7.13.1.40",
"product": {
"name": "Dell PowerProtect Data Domain OS 7.13.1.40",
"product_id": "T047340-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:dell:powerprotect_data_domain_os:7.13.1.40"
}
}
},
{
"category": "product_version_range",
"name": "\u003c7.10.1.70",
"product": {
"name": "Dell PowerProtect Data Domain OS \u003c7.10.1.70",
"product_id": "T047341"
}
},
{
"category": "product_version",
"name": "7.10.1.70",
"product": {
"name": "Dell PowerProtect Data Domain OS 7.10.1.70",
"product_id": "T047341-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:dell:powerprotect_data_domain_os:7.10.1.70"
}
}
}
],
"category": "product_name",
"name": "PowerProtect Data Domain OS"
}
],
"category": "vendor",
"name": "Dell"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-43914",
"product_status": {
"known_affected": [
"T047339",
"T047337",
"T047338",
"T047351",
"T047340",
"T047341"
]
},
"release_date": "2025-10-01T22:00:00.000+00:00",
"title": "CVE-2025-43914"
},
{
"cve": "CVE-2025-43890",
"product_status": {
"known_affected": [
"T047339",
"T047337",
"T047338",
"T047351",
"T047340",
"T047341"
]
},
"release_date": "2025-10-01T22:00:00.000+00:00",
"title": "CVE-2025-43890"
},
{
"cve": "CVE-2025-43906",
"product_status": {
"known_affected": [
"T047339",
"T047337",
"T047338",
"T047351",
"T047340",
"T047341"
]
},
"release_date": "2025-10-01T22:00:00.000+00:00",
"title": "CVE-2025-43906"
},
{
"cve": "CVE-2025-43908",
"product_status": {
"known_affected": [
"T047339",
"T047337",
"T047338",
"T047351",
"T047340",
"T047341"
]
},
"release_date": "2025-10-01T22:00:00.000+00:00",
"title": "CVE-2025-43908"
},
{
"cve": "CVE-2025-43910",
"product_status": {
"known_affected": [
"T047339",
"T047337",
"T047338",
"T047351",
"T047340",
"T047341"
]
},
"release_date": "2025-10-01T22:00:00.000+00:00",
"title": "CVE-2025-43910"
},
{
"cve": "CVE-2025-43911",
"product_status": {
"known_affected": [
"T047339",
"T047337",
"T047338",
"T047351",
"T047340",
"T047341"
]
},
"release_date": "2025-10-01T22:00:00.000+00:00",
"title": "CVE-2025-43911"
},
{
"cve": "CVE-2025-43934",
"product_status": {
"known_affected": [
"T047339",
"T047337",
"T047338",
"T047351",
"T047340",
"T047341"
]
},
"release_date": "2025-10-01T22:00:00.000+00:00",
"title": "CVE-2025-43934"
},
{
"cve": "CVE-2025-45375",
"product_status": {
"known_affected": [
"T047339",
"T047337",
"T047338",
"T047351",
"T047340",
"T047341"
]
},
"release_date": "2025-10-01T22:00:00.000+00:00",
"title": "CVE-2025-45375"
},
{
"cve": "CVE-2025-43889",
"product_status": {
"known_affected": [
"T047339",
"T047337",
"T047338",
"T047351",
"T047340",
"T047341"
]
},
"release_date": "2025-10-01T22:00:00.000+00:00",
"title": "CVE-2025-43889"
},
{
"cve": "CVE-2025-43891",
"product_status": {
"known_affected": [
"T047339",
"T047337",
"T047338",
"T047351",
"T047340",
"T047341"
]
},
"release_date": "2025-10-01T22:00:00.000+00:00",
"title": "CVE-2025-43891"
},
{
"cve": "CVE-2025-43909",
"product_status": {
"known_affected": [
"T047339",
"T047337",
"T047338",
"T047351",
"T047340",
"T047341"
]
},
"release_date": "2025-10-01T22:00:00.000+00:00",
"title": "CVE-2025-43909"
},
{
"cve": "CVE-2025-43912",
"product_status": {
"known_affected": [
"T047339",
"T047337",
"T047338",
"T047351",
"T047340",
"T047341"
]
},
"release_date": "2025-10-01T22:00:00.000+00:00",
"title": "CVE-2025-43912"
},
{
"cve": "CVE-2025-43913",
"product_status": {
"known_affected": [
"T047339",
"T047337",
"T047338",
"T047351",
"T047340",
"T047341"
]
},
"release_date": "2025-10-01T22:00:00.000+00:00",
"title": "CVE-2025-43913"
},
{
"cve": "CVE-2025-43905",
"product_status": {
"known_affected": [
"T047339",
"T047337",
"T047338",
"T047351",
"T047340",
"T047341"
]
},
"release_date": "2025-10-01T22:00:00.000+00:00",
"title": "CVE-2025-43905"
},
{
"cve": "CVE-2025-43907",
"product_status": {
"known_affected": [
"T047339",
"T047337",
"T047338",
"T047351",
"T047340",
"T047341"
]
},
"release_date": "2025-10-01T22:00:00.000+00:00",
"title": "CVE-2025-43907"
},
{
"cve": "CVE-2025-27687",
"product_status": {
"known_affected": [
"T047339",
"T047338",
"T047351"
]
},
"release_date": "2025-10-01T22:00:00.000+00:00",
"title": "CVE-2025-27687"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…