CVE-2025-29987

Summary

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) versions prior to 8.3.0.15 contain an Insufficient Granularity of Access Control vulnerability. An authenticated user from a trusted remote client could exploit this vulnerability to execute arbitrary commands with root privileges.

Affected Software

VendorProductVersion RangeStatus
DellDD OS 8.37.7.1.0 <= 8.3.0.10affected
DellDD OS 7.137.13.1.0 <= 7.13.1.20affected
DellDD OS 7.107.10.1.0 <= 7.10.1.50affected
DellPowerProtect DP Series Appliance (IDPA)N/A < 2.7.8affected

Weaknesses

  • CWE-1220: CWE-1220: Insufficient Granularity of Access Control

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References