CVE-2025-36568: Dell PowerProtect Data Domain BoostFS

Overview

CVE-2025-36568 is a CWE-522 (Insufficiently Protected Credentials) vulnerability affecting Dell PowerProtect Data Domain BoostFS, a client component used in enterprise data protection and disaster recovery deployments. The flaw enables a low-privileged local attacker to extract stored credentials from the affected system, potentially enabling privilege escalation and lateral movement within backup infrastructure.

Dell has assigned this vulnerability a CVSS 3.1 base score of 7.8 (HIGH).

Technical Details

The vulnerability stems from inadequate protection of stored credentials within the BoostFS client component. Dell PowerProtect Data Domain is widely deployed in enterprise environments for deduplication, backup, and disaster recovery — making this class of credential exposure particularly dangerous.

An attacker with local access at a low privilege level can exploit this flaw to retrieve credentials in plaintext or weakly protected form. The extracted credentials can then be leveraged to authenticate to higher-privileged system components or adjacent infrastructure, creating a path for privilege escalation and lateral movement across backup environments.

Weakness classification: CWE-522 — Insufficiently Protected Credentials

Affected Versions

Impact

Successful exploitation allows a local attacker to:

• Extract plaintext or weakly protected credentials from the BoostFS client
• Authenticate to Data Domain systems with escalated privileges
• Access protected backup data repositories
• Potentially pivot to other infrastructure using harvested credentials

Given that Dell PowerProtect Data Domain is commonly deployed in environments storing sensitive enterprise backups, credential theft from this component represents a high-value target for ransomware operators and insider threat actors.

Remediation

Dell has released patches addressing this vulnerability across all affected release lines. Organizations should review the following Dell Security Advisories and upgrade to fixed versions immediately:

• DSA-2025-159
• DSA-2025-333
• DSA-2025-415
• DSA-2026-060

Upgrade to the latest available version within your release track. After patching, rotate any credentials that may have been stored or processed by BoostFS on affected systems.

Recommendations

1. Patch immediately — apply updates to all affected Data Domain BoostFS deployments
2. Audit credential storage — review how credentials are stored and transmitted within your Data Domain environment
3. Rotate credentials — assume all credentials accessible to BoostFS on affected versions may be compromised
4. Monitor for anomalous access — watch for unexpected authentication attempts against backup infrastructure
5. Review local access controls — limit who can obtain local access to systems running affected BoostFS versions

References

• NVD — CVE-2025-36568
• Dell Security Advisory DSA-2025-159

Related Reading

• CVE-2026-35155: Dell iDRAC10 Race Condition Enables
• Dell ECS and ObjectScale: Hard-Coded Credentials
• Dell RecoverPoint Zero-Day Exploited by Chinese APT Since