CVE-2025-30096

August 4, 2025 invoker category_cve

CVE Details

Basic Information

Title CVE-2025-30096
Type cve
Published 2025-08-04T14:32:53.745Z
Modified 2025-08-04T14:32:53.745Z

Product Information

Vendor Dell
Product PowerProtect Data Domain Feature Release
Version 7.7.1.0

CVSS Information

Base Score 6.7 (MEDIUM)
Attack Vector CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Affected Products

  • Dell PowerProtect Data Domain Feature Release 7.7.1.0
  • Dell PowerProtect Data Domain LTS2024 7.13.1.0
  • Dell PowerProtect Data Domain LTS 2023 7.10.1.0

Additional Information

CWE List CWE-78
Source dell

Description

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release versions 7.10.1.0 through 7.10.1.50, contain an Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) vulnerability in the DDSH CLI. A high privileged attacker with local access could potentially exploit this vulnerability to execute arbitrary commands with root privileges.

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.