Dell PowerProtect Flaw Allows Remote Attackers to Execute Arbitrary Commands

Dell Technologies has released a security update addressing a critical vulnerability (CVE-2025-29987) in its PowerProtect Data Domain Operating System (DD OS).

The vulnerability allows authenticated attackers to execute arbitrary commands with root privileges, posing a high security risk. Users are strongly urged to update their systems to the latest remediated versions to protect against potential exploitation.

An insufficient granularity of access control vulnerability in the Dell PowerProtect Data Domain Operating System (DD OS) enables an authenticated user from a trusted remote client to execute arbitrary commands with root privileges.

CVSS Base Score: 8.8 (High) and the Vector String: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Dell has categorized the impact of this vulnerability as High. If exploited, attackers could gain complete control over the affected system, endangering the confidentiality, integrity, and availability of sensitive data stored on affected devices.

Affected Products

The following table provides a detailed overview of the affected products, their vulnerable versions, and the remediated versions available to mitigate this vulnerability:

CVE	Product	Affected Versions	Remediated Versions
CVE-2025-29987	DD OS 8.3	v7.7.1.0 – v8.3.0.10	v8.3.0.15 or later
CVE-2025-29987	DD OS 7.13.1	v7.13.1.0 – v7.13.1.20	v7.13.1.25 or later
CVE-2025-29987	DD OS 7.10.1	v7.10.1.0 – v7.10.1.50	v7.10.1.60 or later
CVE-2025-29987	PowerProtect DP Series Appliance (IDPA)	v2.7.6, v2.7.7, v2.7.8	DD OS v7.10.1.60
CVE-2025-29987	Disk Library for Mainframe DLm8500/DLm8700	v5.4.0.0 – DLm 7.0.0.0	v7.10.1.60 or later

Remediation Steps

1. Identify whether your system runs on one of the affected versions.
2. Download your respective product’s remediated software or firmware from Dell Drivers & Downloads.
3. Follow the instructions in the relevant Knowledge Base (KB) articles to upgrade the DD OS to a secure version.
4. Test the system post-upgrade to ensure functionality and address any potential false positives generated by security scanners.

Dell Technologies urges every affected customer to act immediately and upgrade their system to the remediated versions.

Regularly monitor Dell security advisories and maintain proper change control for updates in production environments.

Find this News Interesting! Follow us on Google News, LinkedIn, & X to Get Instant Updates!