Dell PowerProtect BoostFS Credential Exposure Vulnerability
Dell PowerProtect Data Domain BoostFS, across multiple Feature Release and LTS versions (7.7.1.0-8.5, 8.3.1.0-8.3.1.20, 7.13.1.0-7.13.1.50), contains a critical credential exposure vulnerability, CVE-2025-36568. The National Vulnerability Database assigns it a CVSS score of 7.8 (HIGH), highlighting the severity.
This flaw, categorized as CWE-522 (Insufficiently Protected Credentials), allows a low-privileged local attacker to potentially gain access to sensitive credentials. The attacker could then leverage these exposed credentials to elevate privileges and gain unauthorized access to the system, as reported by the National Vulnerability Database.
For defenders, this is a clear call to action. Any local access, even by a low-privileged user, can escalate into a full compromise. The attacker’s calculus here is simple: find a weak link, grab credentials, and pivot. This isn’t about sophisticated remote exploits; it’s about internal hygiene and privilege management. Patching is non-negotiable, but so is auditing local access controls and ensuring least privilege is strictly enforced for all users interacting with Dell PowerProtect Data Domain BoostFS.
What This Means For You
- If your organization uses Dell PowerProtect Data Domain BoostFS, you must prioritize patching all affected versions to mitigate CVE-2025-36568. Immediately audit local access permissions for any systems running BoostFS and ensure no low-privileged accounts have unnecessary access that could be exploited to expose credentials.
Related ATT&CK Techniques
🛡️ Detection Rules
3 rules · 6 SIEM formats3 auto-generated detection rules for this incident, mapped to MITRE ATT&CK. Available in Sigma, Splunk SPL, Sentinel KQL, Elastic Lucene, QRadar AQL, and Wazuh.
Credential Abuse from Breached Vendor — CVE-2025-36568
Want this in your SIEM's native format? Get Splunk SPL, Sentinel KQL, Elastic, QRadar AQL, or Wazuh — ready to paste.
3 Sigma rules mapped to the ATT&CK techniques from this breach — pick your SIEM and get a ready-to-paste query.
Get All SIEM Formats →Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2025-36568 | Information Disclosure | Dell PowerProtect Data Domain BoostFS client Feature Release versions 7.7.1.0 through 8.5 |
| CVE-2025-36568 | Information Disclosure | Dell PowerProtect Data Domain BoostFS client LTS2025 release version 8.3.1.0 through 8.3.1.20 |
| CVE-2025-36568 | Information Disclosure | Dell PowerProtect Data Domain BoostFS client LTS2024 release versions 7.13.1.0 through 7.13.1.50 |
| CVE-2025-36568 | Information Disclosure | Insufficiently protected credentials vulnerability |
Written by SCW Vulnerability Desk
Related Posts
CVE-2026-23779 — Command Injection
CVE-2026-23779 — Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through...
Dell DD OS Vulnerability: Certificate Login Elevation of Privilege
CVE-2026-23776 — Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through...
CISA Warns: Active Exploitation of 13-Year-Old Apache ActiveMQ Flaw
CISA has issued a critical alert: a high-severity vulnerability in Apache ActiveMQ, dormant for thirteen years, is now actively being exploited in the wild. This...