Platform: dell
Component: dell-powerprotect-datadomain-boostfs
Fixed in: 8.6.0.0, 8.3.1.30, 7.13.1.60
CVE-2025-36568 is a security vulnerability affecting Dell PowerProtect Data Domain BoostFS, specifically related to insufficiently protected credentials. Successful exploitation could lead to the exposure of sensitive credentials, potentially allowing an attacker to gain unauthorized access to the system. This vulnerability impacts versions 7.7.1.0 through 8.5, LTS2025 8.3.1.0–8.3.1.20, and LTS2024 7.13.1.0–7.13.1.50. A patch is available in version 8.6.0.0 or later.
Dell has identified an insufficiently protected credentials vulnerability (CVE-2025-36568) in PowerProtect Data Domain BoostFS for client. This vulnerability affects specific versions of Feature Release (7.7.1.0 through 8.5), LTS2025 (8.3.1.0 through 8.3.1.20), and LTS2024 (7.13.1.0 through 7.13.1.50). A low-privileged attacker with local access could potentially exploit this vulnerability, leading to credential exposure. The attacker may be able to use the exposed credentials to access the system with the privileges of the compromised account, potentially resulting in a breach of confidentiality, integrity, or availability of data.
The vulnerability requires local access to the affected system. An attacker who already has local access could exploit this vulnerability to obtain credentials and escalate their privileges. Successful exploitation could allow the attacker to access sensitive data, modify system configuration, or disrupt operations. While the vulnerability is classified as having low complexity, the potential impact is significant due to the possibility of credential exposure.
Exploit Status
EPSS: 0.01% (0% percentile)
Dell strongly recommends updating PowerProtect Data Domain BoostFS for client to version 8.6.0.0 or later. This update addresses the vulnerability by improving credential protection. Alongside the update, it is recommended to implement additional security measures, such as limiting local access to the system and monitoring for suspicious activity. Refer to the update release notes for detailed installation instructions. Dell is committed to the security of its customers and provides updates to address identified vulnerabilities.
Update Dell PowerProtect Data Domain BoostFS to version 8.6.0.0 or later, 8.3.1.30 or later, or 7.13.1.60 or later. See Dell Security Advisory DSA-2026-060 for more details and update instructions.
The affected versions are Feature Release (7.7.1.0 through 8.5), LTS2025 (8.3.1.0 through 8.3.1.20), and LTS2024 (7.13.1.0 through 7.13.1.50).
Check the version of PowerProtect Data Domain BoostFS you are using. If you are using a version within the affected range, it is vulnerable.
Implement additional security measures, such as limiting local access and monitoring for suspicious activity.
No, there is currently no KEV associated with this vulnerability.
Refer to the release notes for update 8.6.0.0 or later on the Dell support website.
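The version check described above, as an added example (not Dell's code or tooling): it classifies a BoostFS client version string against the ranges listed on this page. LTS trains are tested first because their fixed builds (8.3.1.30, 7.13.1.60) fall numerically inside the Feature Release range and a naive range comparison would flag them as vulnerable. Assumptions: the LTS trains are identified by the 8.3.1.x and 7.13.1.x prefixes, "through 8.5" covers every 8.5 build, and the sample versions at the bottom are constructed.

```python
from typing import Tuple

Version = Tuple[int, ...]

def parse(v: str) -> Version:
    """Turn '8.3.1.20' into (8, 3, 1, 20); short forms like '8.5' are zero-padded."""
    parts = [int(p) for p in v.strip().split(".")]
    return tuple(parts + [0] * (4 - len(parts)))

# From the page: train prefix, first affected, last affected, fixed in.
# Assumption: a build belongs to an LTS train when its first three fields match.
LTS_TRAINS = {
    "LTS2025": ((8, 3, 1), parse("8.3.1.0"), parse("8.3.1.20"), parse("8.3.1.30")),
    "LTS2024": ((7, 13, 1), parse("7.13.1.0"), parse("7.13.1.50"), parse("7.13.1.60")),
}
FEATURE_FIRST = parse("7.7.1.0")
FEATURE_LAST_PREFIX = (8, 5)      # assumption: "through 8.5" means any 8.5.x.y
FEATURE_FIXED = parse("8.6.0.0")

def classify(version: str) -> str:
    """Return 'affected', 'fixed', or 'unlisted' (the page does not cover it)."""
    v = parse(version)
    # LTS trains first: their fixed builds sit inside 7.7.1.0..8.5 numerically.
    for prefix, first, last, fixed in LTS_TRAINS.values():
        if v[:3] == prefix:
            if v >= fixed:
                return "fixed"
            if first <= v <= last:
                return "affected"
            return "unlisted"     # e.g. between last affected and fixed build
    if v >= FEATURE_FIXED:
        return "fixed"
    if v >= FEATURE_FIRST and v[:2] <= FEATURE_LAST_PREFIX:
        return "affected"
    return "unlisted"

if __name__ == "__main__":
    # Constructed sample inventory of client versions.
    for sample in ["7.7.1.0", "8.5", "8.3.1.20", "8.3.1.30", "7.13.1.60", "8.6.0.0"]:
        print(f"{sample:10s} {classify(sample)}")
```

Builds reported as "unlisted" need to be checked against the Dell advisory rather than assumed safe.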