{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/credential-exposure/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":7.8,"id":"CVE-2025-36568"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["credential-exposure","dell","powerprotect","CVE-2025-36568"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eCVE-2025-36568 affects Dell PowerProtect Data Domain BoostFS for client software, specifically Feature Release versions 7.7.1.0 through 8.5, LTS2025 release versions 8.3.1.0 through 8.3.1.20, and LTS2024 release versions 7.13.1.0 through 7.13.1.50. The vulnerability stems from insufficiently protected credentials, potentially allowing a low-privileged attacker with local system access to expose sensitive information. Successful exploitation could allow the attacker to access the system with the privileges associated with the compromised account. This vulnerability poses a significant risk to organizations using the affected software, as it can lead to unauthorized access and potential data breaches. Defenders should prioritize patching or mitigating this vulnerability to prevent exploitation.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker gains low-privileged local access to a system running a vulnerable version of Dell PowerProtect Data Domain BoostFS.\u003c/li\u003e\n\u003cli\u003eAttacker identifies the location of the insufficiently protected credential files within the BoostFS installation.\u003c/li\u003e\n\u003cli\u003eAttacker leverages standard file system tools (e.g., \u003ccode\u003ecat\u003c/code\u003e, \u003ccode\u003etype\u003c/code\u003e, or a file explorer) to access and read the credential files.\u003c/li\u003e\n\u003cli\u003eThe attacker extracts the exposed credentials from the files. These credentials could include usernames, passwords, API keys, or other sensitive information.\u003c/li\u003e\n\u003cli\u003eAttacker uses the compromised credentials to authenticate to the PowerProtect Data Domain system.\u003c/li\u003e\n\u003cli\u003eUpon successful authentication, the attacker gains access to the system with the privileges of the compromised account.\u003c/li\u003e\n\u003cli\u003eAttacker leverages their compromised account to escalate privileges further within the Data Domain system, potentially gaining administrative control.\u003c/li\u003e\n\u003cli\u003eAttacker uses compromised access to exfiltrate sensitive data, disrupt backups, or deploy ransomware.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2025-36568 allows a low-privileged local attacker to expose credentials stored by Dell PowerProtect Data Domain BoostFS. This can lead to unauthorized access to the Data Domain system, potentially granting the attacker the same privileges as the compromised account. Depending on the privileges of the compromised account, this could lead to a full system compromise, data exfiltration, backup disruption, and potential ransomware deployment. The impact is significant for organizations relying on PowerProtect Data Domain for data protection, as it can compromise the integrity and availability of their backups.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade Dell PowerProtect Data Domain BoostFS to a patched version that addresses CVE-2025-36568. Refer to Dell\u0026rsquo;s security advisory for specific upgrade instructions.\u003c/li\u003e\n\u003cli\u003eMonitor file access events for suspicious access to files within the Dell PowerProtect Data Domain BoostFS installation directory. Deploy the Sigma rule \u0026ldquo;Detect Suspicious Access to Dell PowerProtect BoostFS Credential Files\u0026rdquo; to your SIEM and tune for your environment.\u003c/li\u003e\n\u003cli\u003eImplement strong access controls to restrict local access to systems running Dell PowerProtect Data Domain BoostFS.\u003c/li\u003e\n\u003cli\u003eRegularly audit user accounts and privileges on the PowerProtect Data Domain system to identify and remove unnecessary accounts or excessive privileges.\u003c/li\u003e\n\u003cli\u003eEnable logging and alerting for successful and failed login attempts to the PowerProtect Data Domain system to detect potential unauthorized access attempts.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-17T09:16:05Z","date_published":"2026-04-17T09:16:05Z","id":"/briefs/2024-07-dell-powerprotect-credential-exposure/","summary":"Dell PowerProtect Data Domain BoostFS versions 7.7.1.0 through 8.5, 8.3.1.0 through 8.3.1.20, and 7.13.1.0 through 7.13.1.50 are vulnerable to an insufficiently protected credentials vulnerability, allowing a low-privileged attacker with local access to expose credentials and potentially gain elevated privileges.","title":"Dell PowerProtect Data Domain BoostFS Credential Exposure Vulnerability (CVE-2025-36568)","url":"https://feed.craftedsignal.io/briefs/2024-07-dell-powerprotect-credential-exposure/"}],"language":"en","title":"CraftedSignal Threat Feed — Credential-Exposure","version":"https://jsonfeed.org/version/1.1"}