Dell PowerProtect Data Domain BoostFS: Credentials Exposed by Local Attack

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

7.8

Dell PowerProtect Data Domain BoostFS: Credentials Exposed by Local Attack

CVE-2025-36568

Summary

A security issue in Dell PowerProtect Data Domain BoostFS allows an attacker with local access to see sensitive login credentials. This could let the attacker use those credentials to access the system with higher privileges. Affected users should update to the latest version of BoostFS to fix this issue.

Original title

Original description

Dell PowerProtect Data Domain BoostFS for client of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.50, contain an insufficiently protected credentials vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to credential exposure. The attacker may be able to use the exposed credentials to access the system with privileges of the compromised account.

nvd CVSS3.1 7.8

Vulnerability type

CWE-522 Insufficiently Protected Credentials

https://www.dell.com/support/kbdoc/en-us/000450699/dsa-2026-060-security-update-...

Published: 17 Apr 2026 · Updated: 17 Apr 2026 · First seen: 17 Apr 2026