CVE-2025-36568 | THREATINT

Description

Dell PowerProtect Data Domain BoostFS for client of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.50, contain an insufficiently protected credentials vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to credential exposure. The attacker may be able to use the exposed credentials to access the system with privileges of the compromised account.

PUBLISHED Reserved 2025-04-15 | Published 2026-04-17 | Updated 2026-04-18 | Assigner dell

HIGH: 7.8CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

Problem types

CWE-522: Insufficiently Protected Credentials

Product status

Default status

unaffected

Any version before 8.6.0.0 or later

affected

Any version before 8.3.1.30 or later

affected

Any version before 7.13.1.60 or later

affected

References

www.dell.com/...protect-data-domain-multiple-vulnerabilities vendor-advisory

cve.org (CVE-2025-36568)

nvd.nist.gov (CVE-2025-36568)

Download JSON