PT-2025-31815 · Dell · Dell Powerprotect Data Domain

Published

2025-07-31

Updated

2025-08-04

CVE-2025-30098

Report an issue

CVSS v2.0

6.8

Vector

AV:L/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions:

Dell PowerProtect Data Domain versions 7.7.1.0 through 8.1.0.10

Dell PowerProtect Data Domain versions 7.13.1.0 through 7.13.1.25

Dell PowerProtect Data Domain versions 7.10.1.0 through 7.10.1.50

Description:

The Dell PowerProtect Data Domain contains an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in the DDSH CLI. A high privileged attacker with local access could potentially exploit this vulnerability to execute arbitrary commands with root privileges.

Recommendations:

Update to a version beyond 8.1.0.10.

Update to a version beyond 7.13.1.25.

Update to a version beyond 7.10.1.50.

Fix

OS Command Injection

Weakness Enumeration

CWE-78

Related Identifiers

BDU:2025-09424

CVE-2025-30098

Affected Products

Dell Powerprotect Data Domain

PT-2025-31815 · Dell · Dell Powerprotect Data Domain

Weakness Enumeration

Related Identifiers

Affected Products

References · 4