dell PowerProtect Data Domain Patched for Critical Vulnerabilities
Dell has released security updates to address numerous vulnerabilities within its PowerProtect Data Domain systems, including flaws in core components like FreeType and OpenSSL. Exploitation of these weaknesses could allow attackers to gain unauthorized system access and possibly execute malicious code, according to security disclosures.One particularly concerning vulnerability, CVE-2025-43914 (“hoch” – high severity), is among those addressed.
The updates mitigate risks that, if exploited, could allow an attacker with elevated privileges to escalate to root access (CVE-2025-43890 – medium severity), resulting in full system compromise. While there is currently no evidence of active exploitation, administrators are strongly advised to update to one of the following patched versions of Dell PowerProtect Data Domain: 8.5.0.0, 8.4.0.0, 8.3.1.10, 7.10.1.70, or 7.13.1.40. These vulnerabilities highlight the ongoing need for proactive security measures and timely patching of critical infrastructure components to protect against evolving cyber threats.
