CVE Details
Basic Information
| Title | CVE-2025-30099 |
|---|---|
| Type | cve |
| Published | 2025-08-04T14:47:32.002Z |
| Modified | 2025-08-04T14:47:32.002Z |
Product Information
| Vendor | Dell |
|---|---|
| Product | PowerProtect Data Domain Feature Release |
| Version | 7.7.1.0 |
CVSS Information
| Base Score | 7.8 (HIGH) |
|---|---|
| Attack Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
AI Analysis
| AI Description | A vulnerability in Dell PowerProtect Data Domain allows low-privileged attackers with local access to execute arbitrary commands with root privileges due to improper neutralization of special elements in OS commands. This could lead to significant system compromise. |
|---|---|
| AI Severity | Critical |
| AI Vendor | Dell |
| AI Product | PowerProtect Data Domain |
| AI Version | 7.7.1.0, 7.13.1.0, 7.10.1.0 |
Affected Products
- Dell PowerProtect Data Domain Feature Release 7.7.1.0
- Dell PowerProtect Data Domain LTS2024 7.13.1.0
- Dell PowerProtect Data Domain LTS 2023 7.10.1.0
Additional Information
| CWE List | CWE-78 |
|---|---|
| Source | dell |
Description
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release versions 7.10.1.0 through 7.10.1.50, contain an Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) vulnerability in the DDSH CLI. A low privileged attacker with local access could potentially exploit this vulnerability to execute arbitrary commands with root privileges.