CVE-2025-36569 – This CVE describes an OS command injection vuln... (How to Fix)

Q: What is the severity of CVE-2025-36569?

CVE-2025-36569 has a CVSS score of 6.7 (MEDIUM). This CVE describes an OS command injection vulnerability in Dell PowerProtect Data Domain systems running affected DD OS versions. A high-privileged attacker with local access could execute arbitrary commands with root privileges. Organizations using vulnerable Dell PowerProtect Data Domain systems are affected.

📋 TL;DR

This CVE describes an OS command injection vulnerability in Dell PowerProtect Data Domain systems running affected DD OS versions. A high-privileged attacker with local access could execute arbitrary commands with root privileges. Organizations using vulnerable Dell PowerProtect Data Domain systems are affected.

💻 Affected Systems

Products:

Dell PowerProtect Data Domain

Versions: Feature Release 7.7.1.0 through 8.1.0.10, LTS2024 7.13.1.0 through 7.13.1.25, LTS 2023 7.10.1.0 through 7.10.1.50

Operating Systems: Data Domain Operating System (DD OS)

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects systems with high-privileged local users; requires attacker to already have elevated access on the system.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise with root-level access, allowing data theft, system destruction, or lateral movement to other systems.

🟠

Likely Case

Privilege escalation leading to unauthorized administrative access, configuration changes, or data exfiltration from the backup system.

🟢

If Mitigated

Limited impact due to network segmentation, strict access controls, and monitoring preventing local attacker access.

🌐 Internet-Facing: LOW - Requires local access, not remotely exploitable over network.

🏢 Internal Only: HIGH - High-privileged insiders or compromised accounts with local access could exploit this for full system control.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Requires high-privileged local access; command injection vulnerability suggests exploitation may involve crafted inputs to system commands.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Apply updates per Dell advisory DSA-2025-159

Vendor Advisory: https://www.dell.com/support/kbdoc/en-us/000348708/dsa-2025-159-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities

Restart Required: No

Instructions:

1. Review Dell advisory DSA-2025-159. 2. Download appropriate patches from Dell support portal. 3. Apply updates following Dell's documented procedures for Data Domain systems. 4. Verify patch application and system functionality.

🔧 Temporary Workarounds

Restrict Local Access

all

Limit local system access to only essential administrative personnel using strict access controls.

🧯 If You Can't Patch

Implement strict access controls and monitoring for high-privileged accounts
Segment Data Domain systems from general network access and implement network isolation

🔍 How to Verify

Check if Vulnerable:

Check DD OS version using 'ddos version' command and compare against affected ranges.

Check Version:

ddos version

Verify Fix Applied:

Verify updated version is outside affected ranges and check Dell advisory for specific fixed versions.

📡 Detection & Monitoring

Log Indicators:

Unusual command execution patterns by privileged users
Unexpected system configuration changes
Suspicious process creation with root privileges

Network Indicators:

Unusual outbound connections from Data Domain system
Unexpected administrative traffic patterns

SIEM Query:

source="DataDomain" AND (event_type="command_execution" AND user="root") OR (process_name="unusual_command" AND privilege="elevated")

📊 Metadata

CVE ID: CVE-2025-36569

CVSS v3 Score: 6.7 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-78

EPSS Score: 0.03% exploit probability (7.3th percentile)

Published: October 7, 2025

Last Updated: October 14, 2025

🔗 References

https://www.dell.com/support/kbdoc/en-us/000348708/dsa-2025-159-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-36569, you might also want to check these:

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Data Domain Operating System by Dell

Data Domain Operating System by Dell

Data Domain Operating System by Dell

⚠️ Risk & Real-World Impact

Worst Case

Likely Case

If Mitigated

🎯 Exploit Status

🛠️ Fix & Mitigation

✅ Official Fix

Instructions:

🔧 Temporary Workarounds

Restrict Local Access

🧯 If You Can't Patch

🔍 How to Verify

Check if Vulnerable:

Check Version:

Verify Fix Applied:

📡 Detection & Monitoring

Log Indicators:

Network Indicators:

SIEM Query:

📊 Metadata

🔗 References

📤 Share & Export

🔗 Related Vulnerabilities