CVE-2025-30096

6.7 MEDIUM

📋 TL;DR

This CVE describes an OS command injection vulnerability in Dell PowerProtect Data Domain's DDSH CLI. A high-privileged attacker with local access can execute arbitrary commands with root privileges. Affected systems include Dell PowerProtect Data Domain with DD OS versions 7.7.1.0 through 8.1.0.10, LTS2024 versions 7.13.1.0 through 7.13.1.25, and LTS 2023 versions 7.10.1.0 through 7.10.1.50.

💻 Affected Systems

Products:
  • Dell PowerProtect Data Domain
Versions: DD OS Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 versions 7.13.1.0 through 7.13.1.25, LTS 2023 versions 7.10.1.0 through 7.10.1.50
Operating Systems: Data Domain Operating System (DD OS)
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems where high-privileged local users have access to DDSH CLI. Requires local access to exploit.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise with root-level access, allowing data theft, system destruction, or lateral movement to other systems.

🟠 Likely Case

Privilege escalation from high-privileged local user to root, enabling unauthorized administrative actions on the Data Domain system.

🟢 If Mitigated

Limited impact if proper access controls restrict local access to only trusted administrators and network segmentation is implemented.

🌐 Internet-Facing: LOW - Requires local access to exploit, not remotely exploitable.
🏢 Internal Only: HIGH - High-privileged internal users or compromised accounts could exploit this to gain root access.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires high-privileged local access and knowledge of command injection techniques. No public exploit available as of analysis.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Update to versions beyond the affected ranges: Feature Release >8.1.0.10, LTS2024 >7.13.1.25, LTS 2023 >7.10.1.50

Vendor Advisory: https://www.dell.com/support/kbdoc/en-us/000348708/dsa-2025-159-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities

Restart Required: No

Instructions:

1. Review Dell advisory DSA-2025-159.
2. Download the appropriate patch from the Dell support portal.
3. Apply the patch following Dell's update procedures.
4. Verify the version update; no system restart is required.

🔧 Temporary Workarounds

Restrict Local Access

Limit local access to Data Domain systems to only essential, trusted administrators.

Monitor DDSH CLI Usage

Implement logging and monitoring for DDSH CLI commands to detect suspicious activity.

🧯 If You Can't Patch

  • Implement strict access controls to limit local access to only essential administrators
  • Enable comprehensive logging of all DDSH CLI commands and monitor for unusual patterns

🔍 How to Verify

Check if Vulnerable:

Check the DD OS version using the 'ddos version' command and compare it against the affected version ranges.

Check Version:

ddos version

Verify Fix Applied:

Verify DD OS version is beyond affected ranges: Feature Release >8.1.0.10, LTS2024 >7.13.1.25, LTS 2023 >7.10.1.50
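The Feature Release range above (7.7.1.0 through 8.1.0.10) numerically contains both LTS trains, so a single range comparison would report a patched LTS build such as 7.10.1.60 as vulnerable. The following check is an added example, not Dell's or this page's code; it assumes the LTS train is identified by the first three version components (7.10.1 and 7.13.1), and the sample version strings are constructed.

```python
import re

# Affected ranges exactly as listed on this page (inclusive bounds).
# Assumption: the first three components identify the LTS train.
LTS_TRAINS = {
    (7, 10, 1): ("LTS 2023", (7, 10, 1, 0), (7, 10, 1, 50)),
    (7, 13, 1): ("LTS2024", (7, 13, 1, 0), (7, 13, 1, 25)),
}
FEATURE_RANGE = ("Feature Release", (7, 7, 1, 0), (8, 1, 0, 10))

# Four dotted integers; any trailing build suffix is ignored.
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Extract the first a.b.c.d version found in text as a tuple of ints."""
    match = _VERSION_RE.search(text)
    if match is None:
        raise ValueError("no four-part DD OS version in: %r" % text)
    return tuple(int(part) for part in match.groups())


def classify(text):
    """Return (train_name, is_affected) for a version string.

    LTS trains are matched first so that fixed LTS builds, which still
    fall numerically inside the Feature Release range, are not flagged.
    """
    version = parse_version(text)
    name, low, high = LTS_TRAINS.get(version[:3], FEATURE_RANGE)
    return name, low <= version <= high


if __name__ == "__main__":
    # Constructed sample strings, not captured output from a real system.
    samples = [
        "Data Domain OS 7.10.1.50-1000001",
        "Data Domain OS 7.10.1.60-1000002",
        "Data Domain OS 7.13.1.30-1000003",
        "Data Domain OS 8.1.0.10-1000004",
        "Data Domain OS 8.1.0.15-1000005",
    ]
    for line in samples:
        train, affected = classify(line)
        print("%-36s %-16s %s" % (line, train, "AFFECTED" if affected else "not in affected range"))
```
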

📡 Detection & Monitoring

Log Indicators:

  • Unusual DDSH CLI command patterns
  • Commands with special characters or shell metacharacters in DDSH logs
  • Multiple failed command attempts followed by successful execution

Network Indicators:

  • Not applicable - local exploitation only

SIEM Query:

source="ddos_logs" AND (command="*;*" OR command="*|*" OR command="*`*" OR command="*$(*" OR command="*&*" OR command="*>*" OR command="*<*")
