CVE-2025-30097 in PowerProtect Data Domain
Summary
by MITRE • 08/04/2025
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release versions 7.10.1.0 through 7.10.1.50, contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in the DDSH CLI. A high privileged attacker with local access could potentially exploit this vulnerability to execute arbitrary commands with root privileges.
Analysis
by VulDB Data Team • 09/27/2025
The vulnerability identified as CVE-2025-30097 is a critical operating system command injection flaw in Dell PowerProtect Data Domain systems running specific software versions. It exists in the DDSH CLI component of the Data Domain Operating System and affects multiple release branches: Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release versions 7.13.1.0 through 7.13.1.25, and LTS 2023 release versions 7.10.1.0 through 7.10.1.50.
The flaw stems from inadequate input validation and sanitization within the command line interface, which allows maliciously crafted input to be interpreted and executed as operating system commands rather than being treated as data. The vulnerability is categorized under CWE-77 as improper neutralization of special elements used in an OS command, which directly maps to the ATT&CK technique T1059.001 for command and scripting interpreter.
The security implications are severe. The vulnerability requires only local access with high-privileged credentials, meaning an attacker who has already gained access to the system with elevated privileges can leverage this weakness to execute arbitrary commands with root privileges. This creates a significant privilege escalation vector that can be exploited to gain complete system control and potentially compromise the entire data protection infrastructure. The impact extends beyond simple command execution: root-level access enables attackers to modify system configurations, install malicious software, access sensitive data, and potentially establish persistent backdoors within the Data Domain environment. Organizations using affected Dell PowerProtect Data Domain appliances face substantial risk of data breaches and system compromise, particularly in environments where these devices serve as critical data protection infrastructure.
The vulnerability is particularly concerning given that it affects multiple LTS (Long Term Support) releases and feature releases, indicating a widespread exposure across different deployment scenarios and support cycles. Mitigation strategies should focus on immediate patching of affected systems, implementation of network segmentation to limit local access privileges, and enhanced monitoring for suspicious command execution patterns. Additionally, organizations should consider implementing privileged access management solutions and conducting comprehensive security assessments of their data protection infrastructure to identify and remediate similar vulnerabilities across their entire IT ecosystem. The vulnerability demonstrates the critical importance of input validation in CLI interfaces and highlights the need for robust security practices in enterprise storage and backup systems where privilege escalation can lead to catastrophic consequences for data integrity and security.
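Patching starts with knowing which appliances run an affected build. The following is an added example, not code from Dell, MITRE or VulDB, that checks DD OS version strings against the three ranges listed above. The inventory, hostnames and function names are constructed, and the rule that an LTS-train build is judged only by its own train's range is an assumption.

```python
import re

# Affected ranges as listed in the CVE summary (inclusive bounds).
LTS_TRAINS = {
    "LTS2024": ((7, 13, 1, 0), (7, 13, 1, 25)),
    "LTS2023": ((7, 10, 1, 0), (7, 10, 1, 50)),
}
FEATURE_RANGE = ((7, 7, 1, 0), (8, 1, 0, 10))

def parse_version(text):
    """Extract a four-part version such as 7.13.1.25; a build suffix is ignored."""
    m = re.search(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)\.(\d+)(?![.\d])", text)
    if not m:
        raise ValueError(f"no four-part DD OS version in {text!r}")
    return tuple(int(p) for p in m.groups())

def classify(text):
    """Return (affected, train) for one version string."""
    v = parse_version(text)
    # Assumption: a build on an LTS train (same first three components) is judged
    # by that train's range only; the wider Feature Release range would otherwise
    # flag later LTS builds.
    for train, (low, high) in LTS_TRAINS.items():
        if v[:3] == low[:3]:
            return low <= v <= high, train
    low, high = FEATURE_RANGE
    return low <= v <= high, "Feature Release"

def triage(inventory):
    """Turn {hostname: version string} into a sorted list of hosts to act on."""
    hits = []
    for host, text in inventory.items():
        try:
            affected, train = classify(text)
        except ValueError:
            hits.append((host, "unparsed", text))  # surface it, never skip silently
            continue
        if affected:
            hits.append((host, train, text))
    return sorted(hits)

# Constructed sample inventory (hostnames and builds are made up).
SAMPLE = {
    "dd-backup-01": "7.13.1.25", "dd-backup-02": "7.13.1.30",
    "dd-dr-01": "Data Domain OS 8.1.0.10-1000000", "dd-dr-02": "8.1.0.11",
    "dd-lab-01": "7.10.1.50", "dd-lab-02": "unknown",
}

if __name__ == "__main__":
    print(*triage(SAMPLE), sep="\n")
```

Hosts reported as "unparsed" need a manual check rather than being treated as unaffected.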