CVE-2025-45375 is a stack-based buffer overflow vulnerability identified in Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) across multiple feature and long-term support (LTS) release versions, specifically from 7.7.1.0 through 8.3.0.15, including LTS2025 8.3.1.0, LTS2024 7.13.1.0 through 7.13.1.30, and LTS2023 7.10.1.0 through 7.10.1.60. The vulnerability arises due to improper handling of stack memory, allowing a high privileged local attacker to overflow a buffer on the stack. Exploitation requires local access with high privileges, such as an administrator or system operator, and does not require user interaction. Successful exploitation leads to denial of service (DoS) conditions by crashing or destabilizing the DD OS, impacting availability of the data protection system. The vulnerability does not affect confidentiality or integrity of data. The CVSS v3.1 base score is 4.4 (medium), reflecting the local attack vector, low complexity, high privileges required, no user interaction, and impact limited to availability. No public exploit code or active exploitation in the wild has been reported as of the publication date. Dell has not yet published patches or mitigation details, but affected organizations should monitor for updates. The vulnerability is classified under CWE-121, indicating a classic stack-based buffer overflow issue, which historically can lead to crashes or potential code execution if exploited under different conditions. However, current information limits impact to denial of service only.

For European organizations, the primary impact of CVE-2025-45375 is the potential denial of service of Dell PowerProtect Data Domain systems, which are widely used for backup and data deduplication in enterprise data centers. A successful DoS could disrupt backup operations, delay data recovery, and increase risk of data loss in case of other incidents. Organizations relying heavily on these systems for critical data protection may face operational downtime and increased recovery times. Since exploitation requires local high privileges, the threat is mainly from insider threats or attackers who have already compromised administrative accounts. The lack of impact on confidentiality and integrity reduces the risk of data breaches but availability disruption in backup infrastructure can have cascading effects on business continuity. European entities with stringent data protection regulations (e.g., GDPR) must consider the operational risk and ensure timely remediation to maintain compliance and service levels.

1. Restrict local administrative access to Dell PowerProtect Data Domain systems strictly to trusted personnel and monitor for unauthorized access attempts. 2. Implement strong authentication and access control policies to minimize the risk of privilege escalation or insider threats. 3. Monitor system logs and performance metrics for signs of instability or crashes that could indicate exploitation attempts. 4. Apply principle of least privilege on all accounts interacting with DD OS to reduce attack surface. 5. Stay informed on Dell security advisories and apply patches or firmware updates promptly once released. 6. Consider network segmentation to isolate backup infrastructure from general user networks, limiting local access vectors. 7. Conduct regular security audits and penetration testing focusing on local privilege abuse scenarios. 8. Develop and test incident response plans specifically for backup system outages to minimize downtime impact.