CVE-2025-36566 – This CVE describes an OS command injection vuln... (How to Fix)

Q: What is the severity of CVE-2025-36566?

CVE-2025-36566 has a CVSS score of 6.7 (MEDIUM). This CVE describes an OS command injection vulnerability in Dell PowerProtect Data Domain systems running affected DD OS versions. A high-privileged attacker with local access could execute arbitrary commands, potentially escalating to root privileges. Organizations using vulnerable Dell Data Domain backup appliances are affected.

📋 TL;DR

This CVE describes an OS command injection vulnerability in Dell PowerProtect Data Domain systems running affected DD OS versions. A high-privileged attacker with local access could execute arbitrary commands, potentially escalating to root privileges. Organizations using vulnerable Dell Data Domain backup appliances are affected.

💻 Affected Systems

Products:

Dell PowerProtect Data Domain

Versions: DD OS Feature Release 7.7.1.0 through 8.1.0.10, LTS2024 7.13.1.0 through 7.13.1.25, LTS 2023 7.10.1.0 through 7.10.1.50

Operating Systems: Data Domain Operating System (DD OS)

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects systems with local high-privileged user access. Requires attacker to already have elevated local privileges.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Root compromise of the Data Domain system allowing complete control over backup infrastructure, data exfiltration, or destruction of backup data.

🟠

Likely Case

Privilege escalation from a high-privileged local user to root, enabling persistence, lateral movement, or backup data manipulation.

🟢

If Mitigated

Limited impact due to strict access controls, network segmentation, and monitoring preventing local attacker access.

🌐 Internet-Facing: LOW - Requires local access, not remotely exploitable over network.

🏢 Internal Only: HIGH - Local attackers with high privileges can exploit this to gain root access on critical backup infrastructure.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Requires local high-privileged access. No public exploit details available. CVSS 6.7 indicates moderate exploit complexity.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Apply updates per Dell advisory DSA-2025-159

Vendor Advisory: https://www.dell.com/support/kbdoc/en-us/000348708/dsa-2025-159-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities

Restart Required: No

Instructions:

1. Review Dell advisory DSA-2025-159. 2. Download appropriate patches from Dell Support. 3. Apply updates following Dell's documented procedures for Data Domain systems. 4. Verify patch application and system functionality.

🔧 Temporary Workarounds

Restrict Local Access

all

Limit local administrative access to Data Domain systems to only essential personnel.

Implement Least Privilege

all

Review and reduce local user privileges to minimum required for operations.

🧯 If You Can't Patch

Implement strict access controls limiting who can log into Data Domain systems locally
Enhance monitoring and logging of local user activities and command execution

🔍 How to Verify

Check if Vulnerable:

Check DD OS version using 'version' command in Data Domain CLI and compare to affected ranges.

Check Version:

version

Verify Fix Applied:

Verify version is updated beyond affected ranges and check Dell advisory for specific fixed versions.

📡 Detection & Monitoring

Log Indicators:

Unusual command execution patterns by local users
Privilege escalation attempts
Unexpected root-level activities

Network Indicators:

Not network exploitable - focus on host-based detection

SIEM Query:

Search for Data Domain system logs showing command injection patterns or privilege escalation from local users.

📊 Metadata

CVE ID: CVE-2025-36566

CVSS v3 Score: 6.7 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-78

EPSS Score: 0.04% exploit probability (9.7th percentile)

Published: October 7, 2025

Last Updated: October 14, 2025

🔗 References

https://www.dell.com/support/kbdoc/en-us/000348708/dsa-2025-159-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-36566, you might also want to check these:

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Data Domain Operating System by Dell

Data Domain Operating System by Dell

Data Domain Operating System by Dell

⚠️ Risk & Real-World Impact

Worst Case

Likely Case

If Mitigated

🎯 Exploit Status

🛠️ Fix & Mitigation

✅ Official Fix

Instructions:

🔧 Temporary Workarounds

Restrict Local Access

Implement Least Privilege

🧯 If You Can't Patch

🔍 How to Verify

Check if Vulnerable:

Check Version:

Verify Fix Applied:

📡 Detection & Monitoring

Log Indicators:

Network Indicators:

SIEM Query:

📊 Metadata

🔗 References

📤 Share & Export

🔗 Related Vulnerabilities