CVE-2025-43908 MEDIUM

CVE-2025-43908

Vendor Dell

Product PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release

Weakness CWE-78

Published October 7, 2025

Last update February 26, 2026

View on NVD All CVEs

CVSS base score

6.4/10

Attack vector Local

Attack complexity High

Privileges required High

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2025 release version 8.3.1.0, LTS2024 release versions 7.13.1.0 through 7.13.1.30, LTS 2023 release versions 7.10.1.0 through 7.10.1.60, contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability to execute arbitrary commands with root privileges.

Key dates

02Disclosure timeline

October 7, 2025 CVE published

February 26, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-43908

Related vulnerabilities

Identifiers

CVE CVE-2025-43908

CWE CWE-78

CVSS 6.4 / MEDIUM

Affected versions

Vendor Dell

Product PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release

Affected ≥ 7.7.1.0 and < 8.4.0.0

Vendor Dell

Product PowerProtect Data Domain with Data Domain Operating System (DD OS) LTS2025

Affected ≥ 8.3.1.0 and < 8.3.1.10

Vendor Dell

Product PowerProtect Data Domain with Data Domain Operating System (DD OS) LTS2024

Affected ≥ 7.13.1.0 and < 7.13.1.40

Vendor Dell

Product PowerProtect Data Domain with Data Domain Operating System (DD OS) LTS2023

Affected ≥ 7.10.1.0 and < 7.10.1.70

CVE-2025-43908

01Description

02Disclosure timeline

03References

04Related CVE