Insufficiently Protected Credentials in Dell PowerProtect Data Domain BoostFS
CVE-2025-36568

7.8HIGH

Key Information:

Vendor: Dell
Status: Powerprotect Data Domain Boostfs
Vendor: CVE Published:; 17 April 2026

What is CVE-2025-36568?

The Dell PowerProtect Data Domain BoostFS product line has a vulnerability where low-privileged attackers with local access can exploit insufficiently protected credentials. This flaw may result in the exposure of sensitive credentials, potentially allowing attackers to gain unauthorized access to the system at the level of the compromised account. It is essential for users running affected versions to apply the latest security updates to mitigate this risk.

Affected Version(s)

PowerProtect Data Domain BoostFS 0 < 8.6.0.0 or later

PowerProtect Data Domain BoostFS 0 < 8.3.1.30 or later

PowerProtect Data Domain BoostFS 0 < 7.13.1.60 or later

References

https://www.dell.com/support/kbdoc/en-us/000450699/dsa-20...

vendor-advisory

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 17, 2026
Vulnerability Reserved
Apr 15, 2025

CVE-2025-36568 Data

JSON