CVE-2025-43889 Overview
CVE-2025-43889 is a path traversal vulnerability in the user interface of Dell PowerProtect Data Domain with Data Domain Operating System (DD OS). The flaw allows an unauthenticated remote attacker to access files outside the intended directory, leading to information exposure. The vulnerability is categorized under [CWE-22] Improper Limitation of a Pathname to a Restricted Directory.
The issue affects Feature Release versions 7.7.1.0 through 8.4, LTS2024 release versions 7.13.1.0 through 7.13.1.30, and LTS2023 release versions 7.10.1.0 through 7.10.1.60. Dell released advisory DSA-2025-333 to address the issue.
Critical Impact
Unauthenticated remote attackers can read sensitive files from affected Dell PowerProtect Data Domain appliances, exposing backup configurations and operational data.
Affected Products
- Dell PowerProtect Data Domain DD OS Feature Release 7.7.1.0 through 8.4
- Dell PowerProtect Data Domain DD OS LTS2024 7.13.1.0 through 7.13.1.30
- Dell PowerProtect Data Domain DD OS LTS2023 7.10.1.0 through 7.10.1.60
Discovery Timeline
- 2025-10-07 - CVE-2025-43889 published to NVD
- 2025-10-14 - Last updated in NVD database
Technical Details for CVE-2025-43889
Vulnerability Analysis
The vulnerability resides in the DD OS web user interface. The UI fails to properly sanitize user-supplied input used to construct file paths. Attackers can submit crafted requests containing directory traversal sequences such as ../ to escape the intended file scope.
Because the affected endpoint does not require authentication, exploitation requires only network reachability to the management interface. Successful exploitation results in disclosure of file contents accessible to the web application process.
The attack does not impact integrity or availability, but the confidentiality impact is high. Exposed data may include configuration files, credentials, or operational metadata that supports follow-on attacks against the backup environment.
Root Cause
The root cause is insufficient validation of pathname components in HTTP request parameters processed by the DD OS UI. The application accepts traversal sequences without normalizing or restricting access to a base directory.
Attack Vector
An attacker sends an HTTP or HTTPS request to the DD OS management UI containing path traversal sequences in a vulnerable parameter. The server resolves the manipulated path and returns the contents of files outside the web root. No credentials and no user interaction are required.
No public proof-of-concept is available for CVE-2025-43889. Refer to the Dell Security Update DSA-2025-333 for vendor technical details.
Detection Methods for CVE-2025-43889
Indicators of Compromise
- HTTP requests to the DD OS UI containing traversal sequences such as ../, ..%2f, or encoded variants in URL parameters or path segments.
- Web server access logs showing successful 200 responses to requests referencing system files (for example /etc/passwd, configuration files, or backup metadata).
- Unusual outbound data transfers from the Data Domain management interface to untrusted source addresses.
Detection Strategies
- Inspect DD OS web server access logs for path traversal patterns and decode URL-encoded payloads before matching.
- Deploy web application firewall (WAF) rules that block directory traversal sequences targeting the DD OS management UI.
- Correlate authentication-absent file read requests with subsequent reconnaissance or lateral movement activity.
Monitoring Recommendations
- Forward DD OS UI access logs to a centralized SIEM and alert on traversal patterns and anomalous file access.
- Monitor management network segments for unexpected scans against TCP ports used by the DD OS UI.
- Review file access audit trails for sensitive configuration files referenced by external HTTP requests.
How to Mitigate CVE-2025-43889
Immediate Actions Required
- Apply the fixed DD OS versions referenced in Dell Security Update DSA-2025-333 as soon as possible.
- Restrict network access to the DD OS management UI to trusted administrative subnets only.
- Audit recent UI access logs for evidence of exploitation prior to patching.
Patch Information
Dell has published advisory DSA-2025-333 with fixed releases for affected Feature Release, LTS2024, and LTS2023 branches. Administrators should consult the Dell Security Update DSA-2025-333 for the specific fixed version applicable to their deployment.
Workarounds
- Place the DD OS management interface behind a VPN or jump host accessible only by authorized administrators.
- Apply firewall rules and access control lists to limit inbound connections to the UI.
- Deploy a WAF in front of the management UI to block path traversal payloads until patches can be applied.
# Example firewall rule restricting DD OS UI access to an admin subnet
iptables -A INPUT -p tcp --dport 443 -s 10.0.10.0/24 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j DROP
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

