CVE-2025-30099

7.8 HIGH

📋 TL;DR

This CVE describes an OS command injection vulnerability in Dell PowerProtect Data Domain's DDSH CLI. Attackers with local low-privileged access can execute arbitrary commands with root privileges. Affected systems include Dell PowerProtect Data Domain with DD OS versions 7.7.1.0 through 8.1.0.10 and specific LTS releases.

💻 Affected Systems

Products:
  • Dell PowerProtect Data Domain
Versions: Feature Release 7.7.1.0 through 8.1.0.10, LTS2024 7.13.1.0 through 7.13.1.25, LTS 2023 7.10.1.0 through 7.10.1.50
Operating Systems: Data Domain Operating System (DD OS)
Default Config Vulnerable: ⚠️ Yes
Notes: Requires local access with low-privileged user credentials. DDSH CLI must be accessible to the attacker.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise with root-level command execution, allowing data theft, system destruction, or lateral movement.

🟠 Likely Case

Privilege escalation from low-privileged user to root, enabling unauthorized administrative actions.

🟢 If Mitigated

Limited impact if proper access controls restrict local user access and network segmentation is enforced.

🌐 Internet-Facing: LOW (requires local access, not remotely exploitable)
🏢 Internal Only: HIGH (local attackers can gain root privileges)

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW (command injection with local access)

Exploitation requires authenticated local access. No public exploit code is known at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Update to versions beyond affected ranges as specified in Dell advisory

Vendor Advisory: https://www.dell.com/support/kbdoc/en-us/000348708/dsa-2025-159-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities

Restart Required: Yes

Instructions:

1. Review Dell advisory DSA-2025-159.
2. Download appropriate patches from Dell Support.
3. Apply updates following Dell's documented procedures.
4. Reboot system as required.

🔧 Temporary Workarounds

Restrict Local User Access

all

Limit local user accounts to trusted personnel only and enforce least privilege.

Network Segmentation

all

Isolate Data Domain systems from general user networks to reduce attack surface.

🧯 If You Can't Patch

  • Implement strict access controls to prevent unauthorized local user access.
  • Monitor system logs for unusual command execution or privilege escalation attempts.

🔍 How to Verify

Check if Vulnerable:

Check DD OS version using 'ddos version' command and compare with affected ranges.

Check Version:

ddos version

Verify Fix Applied:

Verify version is updated beyond affected ranges and test DDSH CLI functionality.
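
The version comparison described above, as an added example (not from Dell or the original page). The three LTS2024 and LTS 2023 ranges sit numerically inside the Feature Release range, so a build on an LTS train is judged only against its own range; that rule, the function names and the sample version strings are assumptions made for this example, and the result should be confirmed against DSA-2025-159.

```python
import re

# Affected ranges exactly as listed on this page (bounds inclusive).
# LTS trains are keyed by their first three version components.
LTS_TRAINS = {
    (7, 13, 1): ("LTS2024", (7, 13, 1, 0), (7, 13, 1, 25)),
    (7, 10, 1): ("LTS 2023", (7, 10, 1, 0), (7, 10, 1, 50)),
}
FEATURE_RANGE = ("Feature Release", (7, 7, 1, 0), (8, 1, 0, 10))

# First four-part dotted version found in the text.
VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Extract a four-part DD OS version as a tuple of ints."""
    match = VERSION_RE.search(text)
    if match is None:
        raise ValueError(f"no four-part version found in {text!r}")
    return tuple(int(part) for part in match.groups())


def classify(text):
    """Return (release_train, is_affected) for a version string.

    Assumption: a build whose prefix matches an LTS train is checked
    against that train's range only, so a build past the LTS range is
    not re-flagged by the wider Feature Release range.
    """
    version = parse_version(text)
    name, low, high = LTS_TRAINS.get(version[:3], FEATURE_RANGE)
    return name, low <= version <= high


if __name__ == "__main__":
    # Constructed sample inputs, not real appliance output.
    samples = [
        "7.13.1.20",
        "7.13.1.30",
        "8.1.0.10",
        "Data Domain OS 7.10.1.50-1000000",
    ]
    for sample in samples:
        train, affected = classify(sample)
        status = "AFFECTED" if affected else "outside listed range"
        print(f"{sample}: {train}: {status}")
```
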

📡 Detection & Monitoring

Log Indicators:

  • Unusual command execution via DDSH CLI
  • Privilege escalation attempts
  • Root-level commands from non-admin users

Network Indicators:

  • Local authentication attempts followed by administrative actions

SIEM Query:

Search for 'DDSH' command execution patterns or root privilege changes from low-privileged users.
