CVE-2025-43889 Overview
CVE-2025-43889 is a path traversal vulnerability [CWE-22] affecting Dell PowerProtect Data Domain systems running Data Domain Operating System (DD OS). The flaw resides in the management UI and allows an unauthenticated remote attacker to access files outside the intended directory structure. Successful exploitation leads to information exposure on affected appliances. The vulnerability impacts Feature Release versions 7.7.1.0 through 8.4, LTS2024 versions 7.13.1.0 through 7.13.1.30, and LTS2023 versions 7.10.1.0 through 7.10.1.60. Dell published advisory DSA-2025-333 to address this issue along with other vulnerabilities.
Critical Impact
Unauthenticated remote attackers can traverse directory paths through the DD OS UI to read sensitive files, exposing backup configuration data and system information.
Affected Products
- Dell PowerProtect Data Domain with DD OS Feature Release versions 7.7.1.0 through 8.4
- Dell PowerProtect Data Domain with DD OS LTS2024 versions 7.13.1.0 through 7.13.1.30
- Dell PowerProtect Data Domain with DD OS LTS2023 versions 7.10.1.0 through 7.10.1.60
Discovery Timeline
- 2025-10-07 - CVE-2025-43889 published to NVD
- 2025-10-14 - Last updated in NVD database
Technical Details for CVE-2025-43889
Vulnerability Analysis
The vulnerability is an Improper Limitation of a Pathname to a Restricted Directory weakness in the Dell PowerProtect Data Domain UI. An attacker submits crafted requests containing directory traversal sequences to access files outside the web-accessible directory. The flaw requires no authentication and no user interaction. Successful exploitation results in information disclosure but does not directly modify data or affect availability. EPSS data places exploitation probability at 0.237% as of the latest scoring.
Root Cause
The root cause is insufficient input sanitization of file path parameters within the DD OS management UI. The application fails to canonicalize user-supplied path components or reject traversal sequences such as ../. This permits requests to escape the intended directory and reach arbitrary file system locations readable by the web service process.
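As an added illustration (not Dell's code) of the root-cause pattern just described, the function below places a traversal check on the raw parameter before decoding, next to a version that decodes, canonicalizes and then verifies containment; the web root and function names are assumptions.

```python
import os
from urllib.parse import unquote

# Constructed web root for the illustration; not a real DD OS path.
WEB_ROOT = "/srv/ui/static"


def weak_resolve(user_path: str) -> str:
    """Root-cause pattern: the traversal check runs on the raw parameter and
    decoding happens afterwards, so '..%2f' passes the check and then becomes '../'."""
    if "../" in user_path:
        raise ValueError("traversal rejected")
    decoded = unquote(user_path)  # too late: '..%2f' is now '../'
    return os.path.normpath(os.path.join(WEB_ROOT, decoded))


def safe_resolve(user_path: str) -> str:
    """Decode first, canonicalize, then prove the result still lies under WEB_ROOT."""
    decoded = unquote(user_path)
    if "\x00" in decoded:
        raise ValueError("NUL byte in path")
    # Strip leading slashes so an absolute parameter cannot replace WEB_ROOT in join().
    relative = decoded.lstrip("/\\")
    root = os.path.realpath(WEB_ROOT)
    candidate = os.path.realpath(os.path.join(root, relative))
    if os.path.commonpath([root, candidate]) != root:
        raise ValueError("path escapes web root")
    return candidate
```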
Attack Vector
The attack is network-based and remote. An attacker who can reach the management UI sends HTTP requests containing manipulated path parameters. Because authentication is not required, exposure of the DD OS UI to untrusted networks substantially increases risk. The attacker can read configuration data, logs, or other files accessible to the UI process, supporting follow-on attacks against the backup infrastructure.
No verified proof-of-concept code has been published. Refer to the Dell Security Update DSA-2025-333 for vendor technical details.
Detection Methods for CVE-2025-43889
Indicators of Compromise
- HTTP requests to the DD OS UI containing directory traversal sequences such as ../, ..%2f, or encoded variants in URL path or query parameters
- Access attempts targeting sensitive file paths including /etc/, configuration files, or system logs through the web interface
- Unexpected outbound traffic from DD OS management interfaces to unknown external hosts following UI access
Detection Strategies
- Inspect web server and reverse proxy logs for requests containing path traversal patterns directed at the Data Domain UI endpoints
- Correlate unauthenticated session activity with abnormal file path parameters to identify probing behavior
- Compare baseline UI request patterns against current traffic to flag anomalous parameter content
Monitoring Recommendations
- Forward DD OS access and audit logs to a centralized logging or SIEM platform for retention and pattern analysis
- Alert on repeated 4xx responses from the management UI that suggest enumeration or traversal probing
- Monitor for management interface access originating from networks that should not have administrative reach
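The indicators, detection strategies and monitoring items above, worked as an added example (not from Dell or the original page): a small log analyzer that decodes each request target (including double encoding and backslash variants) before looking for traversal components, and counts repeated 4xx responses per source. The log lines, URL paths and addresses are constructed.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Constructed access-log lines in common log format, standing in for DD OS UI
# or reverse-proxy logs. Routes and addresses are illustrative, not real DD OS paths.
SAMPLE_LOG = """\
10.10.50.21 - - [07/Oct/2025:10:01:02 +0000] "GET /ui/index.html HTTP/1.1" 200 5120
198.51.100.7 - - [07/Oct/2025:10:02:14 +0000] "GET /ui/static/..%2f..%2f..%2fetc%2fpasswd HTTP/1.1" 404 162
198.51.100.7 - - [07/Oct/2025:10:02:15 +0000] "GET /ui/static/%252e%252e/%252e%252e/etc/hosts HTTP/1.1" 404 162
198.51.100.7 - - [07/Oct/2025:10:02:16 +0000] "GET /ui/view?file=..%5c..%5cvar%5clog%5cmessages HTTP/1.1" 403 0
10.10.50.21 - - [07/Oct/2025:10:03:40 +0000] "GET /ui/static/css/main.css HTTP/1.1" 200 880
"""

LOG_RE = re.compile(r'^(?P<src>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+)[^"]*" (?P<status>\d{3})')


def normalize(target: str) -> str:
    """Percent-decode repeatedly (catches double encoding) and unify slashes."""
    decoded = target
    for _ in range(3):
        nxt = unquote(decoded)
        if nxt == decoded:
            break
        decoded = nxt
    return decoded.replace("\\", "/")


def is_traversal(target: str) -> bool:
    """True when any path or query component walks up a directory after decoding."""
    path, _, query = target.partition("?")
    parts = normalize(path).split("/") + re.split(r"[/=&]", normalize(query))
    return ".." in parts


def analyze(log_text: str, min_4xx: int = 3):
    """Return traversal hits and sources whose repeated 4xx responses suggest probing."""
    hits, errors = [], Counter()
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        if is_traversal(m["target"]):
            hits.append((m["src"], m["target"]))
        if m["status"].startswith("4"):
            errors[m["src"]] += 1
    probing = {src: n for src, n in errors.items() if n >= min_4xx}
    return {"traversal": hits, "repeated_4xx": probing}
```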
How to Mitigate CVE-2025-43889
Immediate Actions Required
- Apply the Dell PowerProtect Data Domain security update referenced in DSA-2025-333 to all affected DD OS appliances
- Inventory all PowerProtect Data Domain systems and identify those running affected Feature Release, LTS2024, or LTS2023 versions
- Restrict network access to the DD OS management UI to authorized administrative subnets only
Patch Information
Dell released fixed versions through advisory DSA-2025-333. Administrators should consult the Dell Security Update DSA-2025-333 for the specific fixed version corresponding to each affected release branch and upgrade accordingly.
Workarounds
- Place the DD OS management UI behind a VPN or jump host to eliminate untrusted network exposure until patches are applied
- Use network access control lists or firewall rules to limit inbound connections to the management interface to specific administrative IP addresses
- Disable external exposure of the management interface and require all administrative access to traverse internal trusted networks
# Example firewall restriction limiting DD OS UI access to an admin subnet
# (rules are matched in order, so these must precede any broader ACCEPT rule;
# adjust the subnet and port to the appliance's actual UI listener)
iptables -A INPUT -p tcp --dport 443 -s 10.10.50.0/24 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j DROP
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.