CVE-2025-30098 in PowerProtect Data Domain
Summary
by MITRE • 08/04/2025
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release versions 7.10.1.0 through 7.10.1.50, contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in the DDSH CLI. A high privileged attacker with local access could potentially exploit this vulnerability to execute arbitrary commands with root privileges.
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Analysis
by VulDB Data Team • 09/27/2025
The vulnerability identified as CVE-2025-30098 represents a critical operating system command injection flaw within Dell PowerProtect Data Domain systems running specific software versions. This issue affects multiple release branches including Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release versions 7.13.1.0 through 7.13.1.25, and LTS 2023 release versions 7.10.1.0 through 7.10.1.50. The vulnerability specifically resides within the DDSH CLI component of the Data Domain Operating System, which serves as a command-line interface for system administration and management operations.
The technical root cause of this vulnerability stems from improper neutralization of special elements used in operating system commands, classified as CWE-77 within the Common Weakness Enumeration framework. This flaw occurs when user-supplied input containing shell metacharacters is not adequately sanitized or escaped before being passed to operating system command execution functions. Attackers can exploit this weakness by crafting malicious input that gets interpreted by the underlying shell, allowing arbitrary command execution. The vulnerability's classification as an OS Command Injection aligns with the ATT&CK technique T1059.001 for Command and Scripting Interpreter, specifically targeting the Windows Command Shell and Unix Shell execution paths.
The operational impact of this vulnerability is severe given that it requires only high-privileged local access to exploit successfully. An attacker with local access to the system can leverage this command injection flaw to execute arbitrary commands with root privileges, effectively compromising the entire system. This privilege escalation capability enables attackers to gain complete control over the Data Domain appliance, potentially leading to data exfiltration, system modification, or use as a pivot point for further attacks within the network. The vulnerability affects systems where the DDSH CLI is accessible, making it particularly dangerous in environments where administrative access is more prevalent or where systems are not properly segmented.
Mitigation strategies for CVE-2025-30098 should prioritize immediate software updates to the latest available versions that contain patches for this vulnerability. Organizations should also implement network segmentation to limit local access to critical systems and enforce the principle of least privilege for administrative accounts. Additional protective measures include monitoring for unusual command execution patterns, implementing input validation controls at the application level, and conducting regular security assessments of administrative interfaces. Security teams should also consider disabling unnecessary CLI access where possible and implementing robust logging and alerting mechanisms to detect potential exploitation attempts. The vulnerability's severity warrants immediate attention from system administrators and security teams to prevent potential compromise of critical data protection infrastructure.