CVE-2025-29987

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) versions prior to 8.3.0.15 contain an Insufficient Granularity of Access Control vulnerability. An authenticated user from a trusted remote client could exploit this vulnerability to execute arbitrary commands with root privileges.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.dell.com/support/kbdoc/en-us/000300899/dsa-2025-139-dell-technologies-powerprotect-data-domain-security-update-for-a-security-vulnerability	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:dell:powerprotect_data_domain:::::lts:::*
	cpe:2.3:o:dell:data_domain_operating_system::::::::
	cpe:2.3:o:dell:data_domain_operating_system::::::::
	cpe:2.3:o:dell:data_domain_operating_system::::::::

Configuration 2 (hide)

AND

cpe:2.3:o:dell:powerprotect_dm5500_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:powerprotect_dm5500:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2025-04-03 16:15

Updated : 2026-01-22 20:53

NVD link : CVE-2025-29987

Mitre link : CVE-2025-29987

CVE.ORG link : CVE-2025-29987

JSON object : View

Products Affected

dell

powerprotect_dm5500
powerprotect_data_domain
data_domain_operating_system
powerprotect_dm5500_firmware

CWE

CWE-1220

Insufficient Granularity of Access Control

NVD-CWE-Other

{"id": "CVE-2025-29987", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security_alert@emc.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2025-04-03T16:15:36.420", "references": [{"url": "https://www.dell.com/support/kbdoc/en-us/000300899/dsa-2025-139-dell-technologies-powerprotect-data-domain-security-update-for-a-security-vulnerability", "tags": ["Vendor Advisory"], "source": "security_alert@emc.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "security_alert@emc.com", "description": [{"lang": "en", "value": "CWE-1220"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) versions prior to 8.3.0.15 contain an Insufficient Granularity of Access Control vulnerability. An authenticated user from a trusted remote client could exploit this vulnerability to execute arbitrary commands with root privileges."}, {"lang": "es", "value": "Las versiones de Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) anteriores a la 8.3.0.15 presentan una vulnerabilidad de control de acceso con granularidad insuficiente. Un usuario autenticado de un cliente remoto de confianza podr\u00eda aprovechar esta vulnerabilidad para ejecutar comandos arbitrarios con privilegios de root."}], "lastModified": "2026-01-22T20:53:27.770", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:dell:powerprotect_data_domain:*:*:*:*:lts:*:*:*", "vulnerable": true, "matchCriteriaId": "F86F2074-D522-4CF7-BE0C-F211FDD19344", "versionEndExcluding": "7.10.1.60"}, {"criteria": "cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "29E08B01-7808-45DD-82E0-FCA75113F822", "versionEndExcluding": "7.10.1.60", "versionStartIncluding": "7.10.1.0"}, {"criteria": "cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E8280B59-5A9F-43B2-8F79-FB3C5E374A88", "versionEndExcluding": "7.13.1.25", "versionStartIncluding": "7.13.1.0"}, {"criteria": "cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "99AB8E9D-51E5-45F6-8C03-D0AFBDA203FA", "versionEndExcluding": "8.3.0.15", "versionStartIncluding": "8.3.0.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:dell:powerprotect_dm5500_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BB41A99B-FEA7-47E2-B819-82AC0E089C72", "versionEndExcluding": "5.19.0.0", "versionStartIncluding": "5.12"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:dell:powerprotect_dm5500:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A4202214-1F62-4F67-B39C-0F7A02DADB85"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "security_alert@emc.com"}