CVE-2025-36568

CVE-2025-36568 PUBLISHED

Assigner: dell
Reserved: 15.04.2025 Published: 17.04.2026 Updated: 17.04.2026

Dell PowerProtect Data Domain BoostFS for client of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.50, contain an insufficiently protected credentials vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to credential exposure. The attacker may be able to use the exposed credentials to access the system with privileges of the compromised account.

Metrics

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
CVSS Score: 7.8

Attack Vector	Local	Scope	Changed
Attack Complexity	High	Confidentiality Impact	High
Privileges Required	Low	Integrity Impact	High
User Interaction	None	Availability Impact	High

CVSS 3.1

Product Status

Vendor	Dell
Product	PowerProtect Data Domain BoostFS
Versions	Default: unaffected affected from 0 to 8.6.0.0 or later (excl.) affected from 0 to 8.3.1.30 or later (excl.) affected from 0 to 7.13.1.60 or later (excl.)

Vendor

Dell

Product

PowerProtect Data Domain BoostFS

Versions

Default: unaffected

affected from 0 to 8.6.0.0 or later (excl.)
affected from 0 to 8.3.1.30 or later (excl.)
affected from 0 to 7.13.1.60 or later (excl.)

References

Problem Types

CWE-522: Insufficiently Protected Credentials CWE