CVE-2025-43909 Overview
CVE-2025-43909 affects Dell PowerProtect Data Domain systems running the Data Domain Operating System (DD OS). The vulnerability resides in the DD Boost component and stems from the use of a broken or risky cryptographic algorithm [CWE-327]. An unauthenticated remote attacker can exploit this weakness to expose sensitive information traversing the DD Boost protocol. The flaw impacts confidentiality without requiring user interaction or authentication, making it relevant for any environment exposing DD Boost services on reachable networks. Dell published advisory DSA-2025-333 covering this and related issues across multiple supported release trains.
Critical Impact
Unauthenticated attackers with network access to DD Boost can intercept or recover sensitive data protected by weak cryptography, leading to information exposure across backup workflows.
Affected Products
- Dell PowerProtect Data Domain with DD OS Feature Release versions 7.7.1.0 through 8.3.0.15
- Dell PowerProtect Data Domain with DD OS LTS2025 release version 8.3.1.0 and LTS2024 versions 7.13.1.0 through 7.13.1.30
- Dell PowerProtect Data Domain with DD OS LTS2023 release versions 7.10.1.0 through 7.10.1.60
Discovery Timeline
- 2025-10-07 - CVE-2025-43909 published to the National Vulnerability Database
- 2025-10-14 - Last updated in the NVD database
Technical Details for CVE-2025-43909
Vulnerability Analysis
The vulnerability is classified under [CWE-327] Use of a Broken or Risky Cryptographic Algorithm. It exists in the DD Boost component, the protocol that orchestrates client-side deduplication and data transfer between backup applications and Data Domain appliances. Because DD Boost relies on a weak or deprecated cryptographic primitive, traffic protected by that primitive can be analyzed or recovered by an attacker positioned on the network. The attack vector is network-based and requires no privileges or user interaction. Successful exploitation undermines the confidentiality of backup metadata and potentially the data stream itself. Integrity and availability are not directly impacted, but exposed information can support follow-on attacks against backup infrastructure.
Root Cause
The DD Boost protocol implementation in affected DD OS releases uses a cryptographic algorithm that no longer meets current security expectations. Weaknesses in the chosen primitive allow an adversary to derive plaintext or key material from observed protocol traffic. Dell addresses the issue across the 7.7.x through 8.3.x Feature Release line and the LTS2023, LTS2024, and LTS2025 trains.
Attack Vector
An attacker on a network path between a DD Boost client and the Data Domain appliance captures protocol traffic. The attacker then applies known cryptanalytic techniques against the risky algorithm to recover protected content. No authentication or interaction with the appliance is required, which broadens the exposure for internet-adjacent or flat-network deployments.
No verified public exploitation code is available for this issue. Refer to the Dell Security Update Advisory DSA-2025-333 for vendor technical details.
Detection Methods for CVE-2025-43909
Indicators of Compromise
- Unexpected DD Boost sessions originating from hosts that are not authorized backup clients or media servers.
- Packet captures on TCP/2051 (DD Boost) showing sustained traffic from unknown source addresses or geographies.
- Anomalous read operations against DD Boost storage units outside scheduled backup windows.
Detection Strategies
- Inventory all Data Domain appliances and confirm the running DD OS version against the affected ranges listed in Dell DSA-2025-333.
- Inspect network flow records for DD Boost traffic crossing untrusted network segments or VLAN boundaries.
- Review DD OS audit logs for authentication events and storage-unit access patterns that deviate from baseline backup schedules.
Monitoring Recommendations
- Centralize DD OS syslog and audit telemetry in a SIEM and alert on unusual DD Boost client IPs or session counts.
- Monitor for clients negotiating legacy cipher suites or protocol versions against Data Domain endpoints.
- Correlate backup-application logs with DD Boost connection logs to identify sessions without a corresponding scheduled job.
How to Mitigate CVE-2025-43909
Immediate Actions Required
- Apply the DD OS updates referenced in Dell advisory DSA-2025-333 to all PowerProtect Data Domain systems in the affected version ranges.
- Restrict DD Boost network reachability to authorized backup servers using firewall rules, ACLs, or dedicated backup VLANs.
- Rotate credentials and shared secrets associated with DD Boost users after patching to invalidate any material that may have been exposed.
Patch Information
Dell has released fixed DD OS builds across the Feature Release, LTS2023, LTS2024, and LTS2025 trains. Customers should consult the Dell Security Update Advisory DSA-2025-333 for the specific fixed versions corresponding to their deployed release line and follow Dell's recommended upgrade procedures.
Workarounds
- Segment Data Domain management and DD Boost interfaces onto isolated networks accessible only to backup infrastructure.
- Disable DD Boost on appliances where the feature is not required and use alternative supported protocols configured with current cryptographic standards.
- Enforce strict ingress filtering on the DD Boost service port and monitor for unauthorized connection attempts pending patch deployment.
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
