CVE-2025-30096 in PowerProtect Data Domain

Summary

by MITRE • 08/04/2025

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release versions 7.13.1.0 through 7.13.1.25, LTS 2023 release versions 7.10.1.0 through 7.10.1.50, contains an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in the DDSH CLI. A high privileged attacker with local access could potentially exploit this vulnerability to execute arbitrary commands with root privileges.

Analysis

by VulDB Data Team • 09/27/2025

The vulnerability identified as CVE-2025-30096 represents a critical operating system command injection flaw within Dell PowerProtect Data Domain systems running specific versions of the Data Domain Operating System. This vulnerability exists in the DDSH CLI component, which serves as a command-line interface for system administration and configuration tasks. The affected systems span multiple release branches including Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release versions 7.13.1.0 through 7.13.1.25, and LTS 2023 release versions 7.10.1.0 through 7.10.1.50, indicating a widespread impact across different system generations. The vulnerability stems from improper neutralization of special elements used in OS commands, creating a pathway for malicious command execution that bypasses normal security controls.

The vulnerability allows an attacker with high privileged local access to inject commands through the DDSH CLI. Command injection occurs when user-supplied input containing special shell metacharacters is not properly sanitized or escaped before being passed to underlying operating system commands. Here the flaw affects the CLI parsing mechanism, where input validation fails to adequately filter or escape characters that could alter command execution flow, such as semicolons, ampersands, or backticks. The security implications are severe because the vulnerable system accepts commands from authenticated users who already possess high privileges, and the attack vector requires local access rather than network-based exploitation. This makes the vulnerability particularly dangerous in environments where local system access might be compromised through other means such as credential theft or physical access.

The operational impact of this vulnerability extends beyond simple command execution capabilities, as it enables full system compromise with root privileges. An attacker could leverage this vulnerability to escalate their privileges to the highest system level, gaining complete control over the Data Domain appliance. This includes the ability to modify system configurations, access sensitive data repositories, install malicious software, or completely disable system functionality. The vulnerability affects backup and recovery operations that are critical for enterprise data protection, potentially allowing attackers to corrupt backup data, exfiltrate sensitive information, or disrupt business continuity operations. The impact is particularly concerning for organizations relying on PowerProtect Data Domain systems for critical data protection, as the compromise of these systems could lead to significant data loss or regulatory compliance violations.

Mitigation strategies for CVE-2025-30096 should focus on immediate system updates and access controls. Organizations must prioritize applying the latest security patches provided by Dell for all affected versions of the Data Domain Operating System, as these patches will address the input sanitization flaws in the DDSH CLI component. System administrators should implement strict access controls limiting local system access to only authorized personnel with legitimate administrative needs. Network segmentation and monitoring should be enhanced to detect suspicious command execution patterns that might indicate exploitation attempts. The vulnerability aligns with CWE-77 and CWE-78, the categories covering command injection and OS command injection through improper neutralization of special elements. It also violates the principle of least privilege and corresponds to the privilege escalation and execution tactics of the MITRE ATT&CK framework. Additionally, organizations should conduct comprehensive security assessments of their Data Domain implementations to identify any other potential command injection vulnerabilities in similar system components.
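To support patch prioritization, the following Python script (an added example, not Dell's or VulDB's code) checks an inventory of DD OS versions against the affected ranges quoted in the summary. It assumes that versions beginning 7.13.1 and 7.10.1 belong to the LTS2024 and LTS2023 branches and that a "-build" suffix may follow the version; hostnames and inventory values are constructed, and a version outside the ranges is reported only as not listed, not as fixed.

```python
import re

# Inclusive ranges copied from the CVE summary. Assumption: the first three
# components identify the LTS branch; any other version is a Feature Release.
LTS_RANGES = {
    (7, 13, 1): ("LTS2024", (7, 13, 1, 0), (7, 13, 1, 25)),
    (7, 10, 1): ("LTS2023", (7, 10, 1, 0), (7, 10, 1, 50)),
}
FEATURE_RANGE = ("Feature Release", (7, 7, 1, 0), (8, 1, 0, 10))

# Four dotted numbers, optionally followed by "-<build>" (assumed format).
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)(?:-\S+)?", re.ASCII)


def parse_version(text):
    """Parse 'a.b.c.d' or 'a.b.c.d-build' into a 4-tuple of ints."""
    match = VERSION_RE.fullmatch(text.strip())
    if match is None:
        raise ValueError(f"unrecognised DD OS version: {text!r}")
    return tuple(int(part) for part in match.groups())


def classify(version_text):
    """Return (affected, branch) for one DD OS version string."""
    version = parse_version(version_text)
    # The LTS branches are looked up first: their numbers fall inside the
    # Feature Release span, so a single numeric range test would flag LTS
    # builds above the listed upper bound as affected.
    branch, low, high = LTS_RANGES.get(version[:3], FEATURE_RANGE)
    return (low <= version <= high, branch)


def triage(inventory):
    """Map hostname -> verdict for a {hostname: version} inventory."""
    report = {}
    for host, version in inventory.items():
        try:
            affected, branch = classify(version)
        except ValueError:
            report[host] = "unknown version format, check manually"
            continue
        state = "AFFECTED" if affected else "not in a listed range"
        report[host] = f"{state} ({branch} {version})"
    return report


if __name__ == "__main__":
    # Constructed inventory: sample hostnames and versions only.
    sample = {"dd-a": "8.1.0.10", "dd-b": "7.13.1.30", "dd-c": "7.10.1.50-123",
              "dd-d": "8.3.0.0", "dd-e": "7.7"}
    for host, verdict in triage(sample).items():
        print(f"{host}: {verdict}")
```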

Responsible

Dell

Reservation

03/17/2025

Disclosure

08/04/2025

Moderation

accepted

CPE

ready

EPSS

0.00450

KEV

no

Activities

very low
