Details of VAR-202508-1700

ID

VAR-202508-1700

CVE

CVE-2025-30098

TITLE

Dell PowerProtect Data Domain Operating System Command Injection Vulnerability (CNVD-2025-22716)

Trust: 0.6

sources: CNVD: CNVD-2025-22716

DESCRIPTION

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release versions 7.10.1.0 through 7.10.1.50, contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in the DDSH CLI. A high privileged attacker with local access could potentially exploit this vulnerability to execute arbitrary commands with root privileges. Dell PowerProtect Data Domain (Dell PowerProtect DD) is a set of hardware appliances from Dell for data protection, backup, storage, and deduplication

Trust: 1.44

sources: NVD: CVE-2025-30098 // CNVD: CNVD-2025-22716

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-22716

AFFECTED PRODUCTS

vendor:	dell	model:	data domain operating system	scope:	gte	version:	7.7.1.0	Trust: 1.0
vendor:	dell	model:	data domain operating system	scope:	lt	version:	7.13.1.30	Trust: 1.0
vendor:	dell	model:	data domain operating system	scope:	gte	version:	7.11.0.0	Trust: 1.0
vendor:	dell	model:	data domain operating system	scope:	gte	version:	8.0.0.0	Trust: 1.0
vendor:	dell	model:	data domain operating system	scope:	lt	version:	7.10.1.60	Trust: 1.0
vendor:	dell	model:	data domain operating system	scope:	lt	version:	8.3.0.10	Trust: 1.0
vendor:	dell	model:	powerprotect data domain	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2025-22716 // NVD: CVE-2025-30098

CVSS

SEVERITY

CVSSV2

CVSSV3

security_alert@emc.com:	CVE-2025-30098
value:	MEDIUM
Trust: 1.0
CNVD:	CNVD-2025-22716
value:	MEDIUM
Trust: 0.6

CNVD:	CNVD-2025-22716
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:L/AC:L/AU:M/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	MULTIPLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	2.5
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

security_alert@emc.com:	CVE-2025-30098
baseSeverity:	MEDIUM
baseScore:	6.7
vectorString:	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.8
impactScore:	5.9
version:	3.1
Trust: 1.0

sources: CNVD: CNVD-2025-22716 // NVD: CVE-2025-30098

PROBLEMTYPE DATA

problemtype:

CWE-78

Trust: 1.0

sources: NVD: CVE-2025-30098

PATCH

title:

Patch for Dell PowerProtect Data Domain Operating System Command Injection Vulnerability (CNVD-2025-22716)

url:

https://www.cnvd.org.cn/patchInfo/show/738276

Trust: 0.6

sources: CNVD: CNVD-2025-22716

EXTERNAL IDS

db:	NVD	id:	CVE-2025-30098	Trust: 1.6
db:	CNVD	id:	CNVD-2025-22716	Trust: 0.6

sources: CNVD: CNVD-2025-22716 // NVD: CVE-2025-30098

REFERENCES

url:	https://www.dell.com/support/kbdoc/en-us/000348708/dsa-2025-159-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2025-30098	Trust: 0.6

sources: CNVD: CNVD-2025-22716 // NVD: CVE-2025-30098

SOURCES

db:	CNVD	id:	CNVD-2025-22716
db:	NVD	id:	CVE-2025-30098

LAST UPDATE DATE

2025-10-16T23:26:37.603000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-22716	date:	2025-09-28T00:00:00
db:	NVD	id:	CVE-2025-30098	date:	2025-10-16T14:41:47.683

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-22716	date:	2025-09-28T00:00:00
db:	NVD	id:	CVE-2025-30098	date:	2025-08-04T15:15:31.723