CVE-2025-30098

Summary

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release versions 7.10.1.0 through 7.10.1.50, contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in the DDSH CLI. A high privileged attacker with local access could potentially exploit this vulnerability to execute arbitrary commands with root privileges.

Affected Software

VendorProductVersion RangeStatus
DellPowerProtect Data Domain Feature Release7.7.1.0 <= 8.1.0.10affected
DellPowerProtect Data Domain LTS20247.13.1.0 <= 7.13.1.25affected
DellPowerProtect Data Domain LTS 20237.10.1.0 <= 7.10.1.50affected

Weaknesses

  • CWE-78: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References