ID

VAR-202508-0985


CVE

CVE-2025-30097


TITLE

Dell PowerProtect Data Domain Operating System Command Injection Vulnerability (CNVD-2025-22718)

Trust: 0.6

sources: CNVD: CNVD-2025-22718

DESCRIPTION

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release versions 7.13.1.0 through 7.13.1.25, and LTS 2023 release versions 7.10.1.0 through 7.10.1.50 contains an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in the DDSH CLI. A high-privileged attacker with local access could potentially exploit this vulnerability to execute arbitrary commands with root privileges. Dell PowerProtect Data Domain (Dell PowerProtect DD) is a set of hardware appliances from Dell for data protection, backup, storage, and deduplication.

Trust: 1.44

sources: NVD: CVE-2025-30097 // CNVD: CNVD-2025-22718

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-22718

AFFECTED PRODUCTS

vendor: dell, model: data domain operating system, scope: gte, version: 7.7.1.0

Trust: 1.0

vendor: dell, model: data domain operating system, scope: lt, version: 7.13.1.30

Trust: 1.0

vendor: dell, model: data domain operating system, scope: gte, version: 7.11.0.0

Trust: 1.0

vendor: dell, model: data domain operating system, scope: gte, version: 8.0.0.0

Trust: 1.0

vendor: dell, model: data domain operating system, scope: lt, version: 7.10.1.60

Trust: 1.0

vendor: dell, model: data domain operating system, scope: lt, version: 8.3.0.10

Trust: 1.0

vendor: dell, model: powerprotect data domain, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2025-22718 // NVD: CVE-2025-30097

CVSS

SEVERITY

CVSSV2

CVSSV3

security_alert@emc.com: CVE-2025-30097
value: MEDIUM

Trust: 1.0

CNVD: CNVD-2025-22718
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2025-22718
severity: MEDIUM
baseScore: 6.5
vectorString: AV:L/AC:L/AU:M/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: MULTIPLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 2.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

security_alert@emc.com: CVE-2025-30097
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2025-22718 // NVD: CVE-2025-30097

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.0

sources: NVD: CVE-2025-30097

PATCH

title: Patch for Dell PowerProtect Data Domain Operating System Command Injection Vulnerability (CNVD-2025-22718)
url: https://www.cnvd.org.cn/patchInfo/show/738281

Trust: 0.6

sources: CNVD: CNVD-2025-22718

EXTERNAL IDS

db: NVD, id: CVE-2025-30097

Trust: 1.6

db: CNVD, id: CNVD-2025-22718

Trust: 0.6

sources: CNVD: CNVD-2025-22718 // NVD: CVE-2025-30097

REFERENCES

url: https://www.dell.com/support/kbdoc/en-us/000348708/dsa-2025-159-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities

Trust: 1.0

url: https://nvd.nist.gov/vuln/detail/cve-2025-30097

Trust: 0.6

sources: CNVD: CNVD-2025-22718 // NVD: CVE-2025-30097

SOURCES

db: CNVD, id: CNVD-2025-22718
db: NVD, id: CVE-2025-30097

LAST UPDATE DATE

2025-10-16T23:51:00.437000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2025-22718, date: 2025-09-28T00:00:00
db: NVD, id: CVE-2025-30097, date: 2025-10-16T14:41:32.847

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2025-22718, date: 2025-09-28T00:00:00
db: NVD, id: CVE-2025-30097, date: 2025-08-04T15:15:31.560