CVE-2025-36567

6.7 MEDIUM

📋 TL;DR

This CVE describes an OS command injection vulnerability in Dell PowerProtect Data Domain systems. A high-privileged attacker with local access can execute arbitrary commands, potentially escalating to root privileges. Organizations running affected Data Domain Operating System versions are at risk.

💻 Affected Systems

Products:
  • Dell PowerProtect Data Domain
Versions: Feature Release 7.7.1.0 through 8.1.0.10, LTS2024 7.13.1.0 through 7.13.1.25, LTS 2023 7.10.1.0 through 7.10.1.50
Operating Systems: Data Domain Operating System (DD OS)
Default Config Vulnerable: ⚠️ Yes
Notes: Requires high privileged local access to exploit.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attacker gains full root control over the Data Domain system, allowing data theft, destruction, or use as a pivot point to other systems.

🟠 Likely Case

Privileged insider or compromised admin account executes malicious commands to disrupt operations or exfiltrate data.

🟢 If Mitigated

Attack is contained to the local system with minimal impact due to network segmentation and strict access controls.

🌐 Internet-Facing: LOW - Requires local access, not remotely exploitable over network.
🏢 Internal Only: HIGH - Local attackers with high privileges can exploit this to gain root access.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires local access and high privileges, making it less accessible but dangerous for insiders.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Update to versions beyond the affected ranges as specified in Dell advisory DSA-2025-159

Vendor Advisory: https://www.dell.com/support/kbdoc/en-us/000348708/dsa-2025-159-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities

Restart Required: No

Instructions:

1. Review Dell advisory DSA-2025-159.
2. Download appropriate patches from Dell support.
3. Apply patches following Dell's documented procedures.
4. Verify system functionality post-update.

🔧 Temporary Workarounds

Restrict Local Access

Limit local access to only essential administrative personnel using strict access controls.

🧯 If You Can't Patch

  • Implement strict principle of least privilege for all local accounts.
  • Monitor and audit all local administrative activities on Data Domain systems.

🔍 How to Verify

Check if Vulnerable:

Check DD OS version via system administration interface or CLI commands.

Check Version:

Use 'version' command in Data Domain CLI or check via web interface.

Verify Fix Applied:

Confirm DD OS version is outside affected ranges after applying Dell patches.
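
Example Range Check (added example, not from Dell or the original page):

The Feature Release range listed above numerically contains both LTS ranges, so a single min/max comparison would still flag an LTS build that is past its own affected range. This sketch checks the LTS trains first; it assumes a train is identified by the first three version components, and the hostnames and version strings are constructed.

```python
import re

# Affected ranges exactly as listed on this page (bounds inclusive).
FEATURE_RANGE = ((7, 7, 1, 0), (8, 1, 0, 10))
# Assumption: an LTS train is identified by its first three components;
# the values are (label, lowest affected build, highest affected build).
LTS_TRAINS = {
    (7, 13, 1): ("LTS2024", 0, 25),
    (7, 10, 1): ("LTS 2023", 0, 50),
}
VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Return the first four-part dotted version found in text as ints."""
    match = VERSION_RE.search(text)
    if match is None:
        raise ValueError(f"no four-part version found in {text!r}")
    return tuple(int(part) for part in match.groups())


def classify(text):
    """Return (affected, train) for a DD OS version string."""
    version = parse_version(text)
    train = LTS_TRAINS.get(version[:3])
    if train is not None:
        # LTS builds are judged only against their own train's range.
        name, low, high = train
        return low <= version[3] <= high, name
    low, high = FEATURE_RANGE
    return low <= version <= high, "Feature Release"


if __name__ == "__main__":
    # Constructed inventory: hostnames and versions are illustrative only.
    inventory = {
        "dd-backup-01": "7.13.1.25",
        "dd-backup-02": "7.13.1.30",
        "dd-backup-03": "8.1.0.10",
        "dd-backup-04": "8.1.0.11",
    }
    for host, reported in inventory.items():
        affected, train = classify(reported)
        status = "AFFECTED" if affected else "outside affected range"
        print(f"{host}: {reported} ({train}) -> {status}")
```

A result of "outside affected range" only reflects the ranges on this page; confirm the fixed release for each train against DSA-2025-159.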

📡 Detection & Monitoring

Log Indicators:

  • Unusual command execution patterns in system logs
  • Privilege escalation attempts

Network Indicators:

  • None - this is a local attack vector

SIEM Query:

Search for anomalous process execution or privilege changes on Data Domain systems.
