Details of VAR-202508-1481

ID

VAR-202508-1481

CVE

CVE-2025-30096

TITLE

Dell PowerProtect Data Domain Operating System Command Injection Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2025-22715

DESCRIPTION

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release versions 7.10.1.0 through 7.10.1.50, contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in the DDSH CLI. A high privileged attacker with local access could potentially exploit this vulnerability to execute arbitrary commands with root privileges. Dell PowerProtect Data Domain (Dell PowerProtect DD) is a set of hardware appliances from Dell for data protection, backup, storage, and deduplication

Trust: 1.44

sources: NVD: CVE-2025-30096 // CNVD: CNVD-2025-22715

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-22715

AFFECTED PRODUCTS

vendor:	dell	model:	data domain operating system	scope:	gte	version:	7.7.1.0	Trust: 1.0
vendor:	dell	model:	data domain operating system	scope:	lt	version:	7.13.1.30	Trust: 1.0
vendor:	dell	model:	data domain operating system	scope:	gte	version:	7.11.0.0	Trust: 1.0
vendor:	dell	model:	data domain operating system	scope:	gte	version:	8.0.0.0	Trust: 1.0
vendor:	dell	model:	data domain operating system	scope:	lt	version:	7.10.1.60	Trust: 1.0
vendor:	dell	model:	data domain operating system	scope:	lt	version:	8.3.0.10	Trust: 1.0
vendor:	dell	model:	powerprotect data domain	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2025-22715 // NVD: CVE-2025-30096

CVSS

SEVERITY

CVSSV2

CVSSV3

security_alert@emc.com:	CVE-2025-30096
value:	MEDIUM
Trust: 1.0
CNVD:	CNVD-2025-22715
value:	MEDIUM
Trust: 0.6

CNVD:	CNVD-2025-22715
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:L/AC:L/AU:M/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	MULTIPLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	2.5
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

security_alert@emc.com:	CVE-2025-30096
baseSeverity:	MEDIUM
baseScore:	6.7
vectorString:	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.8
impactScore:	5.9
version:	3.1
Trust: 1.0

sources: CNVD: CNVD-2025-22715 // NVD: CVE-2025-30096

PROBLEMTYPE DATA

problemtype:

CWE-78

Trust: 1.0

sources: NVD: CVE-2025-30096

PATCH

title:

Patch for Dell PowerProtect Data Domain Operating System Command Injection Vulnerability

url:

https://www.cnvd.org.cn/patchInfo/show/738261

Trust: 0.6

sources: CNVD: CNVD-2025-22715

EXTERNAL IDS

db:	NVD	id:	CVE-2025-30096	Trust: 1.6
db:	CNVD	id:	CNVD-2025-22715	Trust: 0.6

sources: CNVD: CNVD-2025-22715 // NVD: CVE-2025-30096

REFERENCES

url:	https://www.dell.com/support/kbdoc/en-us/000348708/dsa-2025-159-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2025-30096	Trust: 0.6

sources: CNVD: CNVD-2025-22715 // NVD: CVE-2025-30096

SOURCES

db:	CNVD	id:	CNVD-2025-22715
db:	NVD	id:	CVE-2025-30096

LAST UPDATE DATE

2025-10-16T23:52:29.826000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-22715	date:	2025-09-28T00:00:00
db:	NVD	id:	CVE-2025-30096	date:	2025-10-16T14:41:24.990

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-22715	date:	2025-09-28T00:00:00
db:	NVD	id:	CVE-2025-30096	date:	2025-08-04T15:15:31.397