Details of VAR-202504-0591

ID

VAR-202504-0591

CVE

CVE-2025-29987

TITLE

Vulnerabilities related to insufficient granularity of access control in products from multiple vendors, including Dell

Trust: 0.8

sources: JVNDB: JVNDB-2025-025360

DESCRIPTION

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) versions prior to 8.3.0.15 contain an Insufficient Granularity of Access Control vulnerability. An authenticated user from a trusted remote client could exploit this vulnerability to execute arbitrary commands with root privileges. All information handled by the software may be rewritten. Furthermore, the software may stop working completely. Furthermore, attacks that exploit this vulnerability will not affect other software. Dell PowerProtect Data Domain is a data protection storage device launched by Dell Technologies. It is built on the Data Domain platform and is designed to build a network resilience foundation and achieve rapid data recovery. The vulnerability is caused by insufficient access control granularity

Trust: 2.16

sources: NVD: CVE-2025-29987 // JVNDB: JVNDB-2025-025360 // CNVD: CNVD-2025-15242

IOT TAXONOMY

category:

['IoT']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-15242

AFFECTED PRODUCTS

vendor:	dell	model:	data domain operating system	scope:	lt	version:	7.13.1.25	Trust: 1.0
vendor:	dell	model:	data domain operating system	scope:	lt	version:	7.10.1.60	Trust: 1.0
vendor:	dell	model:	powerprotect dm5500	scope:	gte	version:	5.12	Trust: 1.0
vendor:	dell	model:	data domain operating system	scope:	gte	version:	7.10.1.0	Trust: 1.0
vendor:	dell	model:	data domain operating system	scope:	gte	version:	7.13.1.0	Trust: 1.0
vendor:	dell	model:	data domain operating system	scope:	gte	version:	8.3.0.0	Trust: 1.0
vendor:	dell	model:	powerprotect dm5500	scope:	lt	version:	5.19.0.0	Trust: 1.0
vendor:	dell	model:	data domain operating system	scope:	lt	version:	8.3.0.15	Trust: 1.0
vendor:	dell	model:	powerprotect data domain	scope:	lt	version:	7.10.1.60	Trust: 1.0
vendor:	デル	model:	powerprotect data domain	scope:	-	version:	-	Trust: 0.8
vendor:	デル	model:	powerprotect dm5500	scope:	-	version:	-	Trust: 0.8
vendor:	デル	model:	data domain operating system	scope:	-	version:	-	Trust: 0.8
vendor:	dell	model:	powerprotect data domain	scope:	lt	version:	8.3.0.15	Trust: 0.6

sources: CNVD: CNVD-2025-15242 // JVNDB: JVNDB-2025-025360 // NVD: CVE-2025-29987

CVSS

SEVERITY

CVSSV2

CVSSV3

security_alert@emc.com:	CVE-2025-29987
value:	HIGH
Trust: 1.0
OTHER:	JVNDB-2025-025360
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2025-15242
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2025-15242
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

security_alert@emc.com:	CVE-2025-29987
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
OTHER:	JVNDB-2025-025360
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2025-15242 // JVNDB: JVNDB-2025-025360 // NVD: CVE-2025-29987

PROBLEMTYPE DATA

problemtype:	CWE-1220	Trust: 1.0
problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	Insufficient granularity of access control (CWE-1220) [ others ]	Trust: 0.8
problemtype:	others (CWE-Other) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2025-025360 // NVD: CVE-2025-29987

PATCH

title:	DSA-2025-139	url:	https://www.dell.com/support/kbdoc/en-us/000300899/dsa-2025-139-dell-technologies-powerprotect-data-domain-security-update-for-a-security-vulnerability	Trust: 0.8
title:	Patch for Dell PowerProtect Data Domain Access Control Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/705431	Trust: 0.6

sources: CNVD: CNVD-2025-15242 // JVNDB: JVNDB-2025-025360

EXTERNAL IDS

db:	NVD	id:	CVE-2025-29987	Trust: 3.2
db:	JVNDB	id:	JVNDB-2025-025360	Trust: 0.8
db:	CNVD	id:	CNVD-2025-15242	Trust: 0.6

sources: CNVD: CNVD-2025-15242 // JVNDB: JVNDB-2025-025360 // NVD: CVE-2025-29987

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2025-29987	Trust: 1.4
url:	https://www.dell.com/support/kbdoc/en-us/000300899/dsa-2025-139-dell-technologies-powerprotect-data-domain-security-update-for-a-security-vulnerability	Trust: 1.0

sources: CNVD: CNVD-2025-15242 // JVNDB: JVNDB-2025-025360 // NVD: CVE-2025-29987

SOURCES

db:	CNVD	id:	CNVD-2025-15242
db:	JVNDB	id:	JVNDB-2025-025360
db:	NVD	id:	CVE-2025-29987

LAST UPDATE DATE

2026-01-29T23:43:07.188000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-15242	date:	2025-07-08T00:00:00
db:	JVNDB	id:	JVNDB-2025-025360	date:	2026-01-27T08:41:00
db:	NVD	id:	CVE-2025-29987	date:	2026-01-22T20:53:27.770

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-15242	date:	2025-07-07T00:00:00
db:	JVNDB	id:	JVNDB-2025-025360	date:	2026-01-27T00:00:00
db:	NVD	id:	CVE-2025-29987	date:	2025-04-03T16:15:36.420