Path Traversal Vulnerability in Dell PowerProtect Data Domain UI
CVE-2025-43889

5.3MEDIUM

Key Information:

Vendor: Dell
Status: Powerprotect Data Domain With Data Domain Operating System (dd Os) Of Feature Release; Powerprotect Data Domain With Data Domain Operating System (dd Os) Lts2024; Powerprotect Data Domain With Data Domain Operating System (dd Os) Lts2023
Vendor: CVE Published:; 7 October 2025

What is CVE-2025-43889?

The Dell PowerProtect Data Domain, including its Data Domain Operating System across several version lines, bears a vulnerability in its user interface that allows for improper pathname handling. This path traversal vulnerability can be exploited by an unauthenticated attacker who has remote access, potentially leading to sensitive information being exposed. It is crucial for users and administrators to apply security updates in order to mitigate this risk and ensure the integrity of their data protection strategies.

Affected Version(s)

PowerProtect Data Domain with Data Domain Operating System (DD OS) LTS2023 7.10.1.0 < 7.10.1.70

PowerProtect Data Domain with Data Domain Operating System (DD OS) LTS2024 7.13.1.0 < 7.13.1.40

PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release 7.7.1.0 < 8.5.0.0

References

https://www.dell.com/support/kbdoc/en-us/000376224/dsa-20...

vendor-advisory

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 7, 2025
Vulnerability Reserved
Apr 18, 2025

JSON