CVE-2025-29987

HIGH8.8

Description

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) versions prior to 8.3.0.15 contain an Insufficient Granularity of Access Control vulnerability. An authenticated user from a trusted remote client could exploit this vulnerability to execute arbitrary commands with root privileges.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected products

Dell / DD OS 7.107.10.1.0 – 7.10.1.50
Dell / DD OS 7.137.13.1.0 – 7.13.1.20
Dell / DD OS 8.37.7.1.0 – 8.3.0.10
Dell / PowerProtect DP Series Appliance (IDPA)N/A – 2.7.8

References

MISChttps://www.dell.com/support/kbdoc/en-us/000300899/dsa-2025-139-dell-technologies-powerprotect-data-domain-security-update-for-a-security-vulnerability