SecuriTricks - CVE-2025-29987

Description

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) versions prior to 8.3.0.15 contain an Insufficient Granularity of Access Control vulnerability. An authenticated user from a trusted remote client could exploit this vulnerability to execute arbitrary commands with root privileges.

Product(s) Impacted

Vendor	Product	Versions
Dell	Powerprotect Data Domain Data Domain Operating System	<8.3.0.15 <8.3.0.15

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-1220

Insufficient Granularity of Access Control

The product implements access controls via a policy or other feature with the intention to disable or restrict accesses (reads and/or writes) to assets in a system from untrusted agents. However, implemented access controls lack required granularity, which renders the control policy too broad because it allows accesses from unauthorized agents to the security-sensitive assets.

*CPE(s)

Affected systems and software identified for this CVE.

Type	Vendor	Product	Version	Update	Edition	Language	Software Edition	Target Software	Target Hardware	Other Information
a	dell	powerprotect_data_domain	<8.3.0.15	/	/	/	/	/	/	/
a	dell	data_domain_operating_system	<8.3.0.15	/	/	/	/	/	/	/

References

https://www.dell.com/support/kbdoc/en-us/000300899/dsa-2025-139-dell-technologies-powerprotect-data-domain-security-update-for-a-security-vulnerability

CVSS Score

8.8 / 10

CVSS Data - 3.1

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

View Vector String

Timeline

Published: April 3, 2025, 4:15 p.m.
Last Modified: April 3, 2025, 4:15 p.m.

Status : Received

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

security_alert@emc.com

CVE-2025-29987