CVE-2025-43914Incorrect Privilege Assignment in Dell Powerprotect Data Domain Boostfs FOR Linux Ubuntu Feature Release

CWE-266Incorrect Privilege Assignment4 documents4 sources
Severity
7.8HIGHNVD
CNA7.5
EPSS
0.0%
top 97.67%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Dell Powerprotect Data Domain Boostfs FOR Linux Ubuntu Feature ReleaseDell Powerprotect Data Domain Boostfs FOR Linux Ubuntu Lts2023Dell Powerprotect Data Domain Boostfs FOR Linux Ubuntu Lts2024+2 more
Timeline
PublishedOct 7

Description

Dell PowerProtect Data Domain BoostFS for Linux Ubuntu systems of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2025 release version 8.3.1.0, LTS2024 release versions 7.13.1.0 through 7.13.1.30, LTS 2023 release versions 7.10.1.0 through 7.10.1.60, contain an Incorrect Privilege Assignment vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Unauthorized access.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages5 packages

NVDdell/data_domain_operating_system7.7.1.07.10.1.70+3

🔴Vulnerability Details

2
GHSA
GHSA-9cc8-cjgw-8qwx: Dell PowerProtect Data Domain BoostFS for Linux Ubuntu systems of Feature Release versions 72025-10-07
CVEList
CVE-2025-43914: Dell PowerProtect Data Domain BoostFS for Linux Ubuntu systems of Feature Release versions 72025-10-07

📋Vendor Advisories

1
Microsoft
md/raid5: avoid BUG_ON() while continue reshape after reassembling2024-08-13
CVE-2025-43914 — Incorrect Privilege Assignment in Dell | cvebase