CVE-2025-30096: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in Dell PowerProtect Data Domain Feature Release
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release versions 7.13.1.0 through 7.13.1.25, and LTS 2023 release versions 7.10.1.0 through 7.10.1.50 contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in the DDSH CLI. A high-privileged attacker with local access could potentially exploit this vulnerability to execute arbitrary commands with root privileges.
AI Analysis
Technical Summary
CVE-2025-30096 is an OS Command Injection vulnerability identified in Dell PowerProtect Data Domain products running specific versions of the Data Domain Operating System (DD OS). The affected versions are Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release versions 7.13.1.0 through 7.13.1.25, and LTS 2023 release versions 7.10.1.0 through 7.10.1.50. The vulnerability resides in the DDSH CLI, the restricted command-line interface used to manage the Data Domain system. The flaw is categorized as CWE-78 (improper neutralization of special elements used in an OS command): input reaching an OS command is not neutralized, so an attacker can inject arbitrary commands. Exploitation requires high privileges and local access to the system. On success, the attacker can execute arbitrary commands with root privileges, compromising the confidentiality, integrity, and availability of the system. The CVSS v3.1 base score is 6.7 (medium). The vector string (AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H) indicates a local attack vector, low attack complexity, high privileges required, no user interaction, unchanged scope, and high impact on confidentiality, integrity, and availability. No exploits in the wild are currently reported, and no patches are linked in the provided data, so mitigation may require vendor updates or configuration changes. The vulnerability matters for environments that rely on Dell PowerProtect Data Domain for backup and data protection, because root-level command execution on a backup appliance can lead to full system compromise, data theft, or destruction.
Potential Impact
For European organizations, the impact of this vulnerability can be significant, especially for enterprises and service providers that use Dell PowerProtect Data Domain systems for backup and disaster recovery. Successful exploitation could lead to unauthorized root-level access, enabling attackers to manipulate backup data, disrupt backup operations, or use the compromised system as a pivot point for further network intrusion. This could result in data loss, regulatory non-compliance (e.g., GDPR violations due to data integrity or confidentiality breaches), and operational downtime. Given the critical role of backup systems in business continuity, exploitation could severely affect sectors such as finance, healthcare, telecommunications, and government agencies across Europe. The requirement for local, high-privileged access limits remote exploitation but raises concerns about insider threats and attackers who have already gained an initial foothold in the network. The absence of known exploits in the wild reduces immediate risk but does not eliminate the potential for future exploitation, especially as threat actors often target backup infrastructure for ransomware or espionage.
Mitigation Recommendations
1. Immediate mitigation should include restricting local access to the DDSH CLI to trusted administrators only and monitoring for unusual command-line activity.
2. Implement strict access controls and multi-factor authentication for administrative accounts to reduce the risk of privilege misuse.
3. Regularly audit and review user privileges to ensure no unnecessary high-privilege accounts exist on the system.
4. Apply any available vendor patches or updates as soon as Dell releases them for the affected DD OS versions.
5. If patches are not yet available, consider isolating affected systems within segmented network zones with limited access to reduce the attack surface.
6. Employ host-based intrusion detection systems (HIDS) to detect anomalous command executions or privilege escalations.
7. Maintain comprehensive logging and monitoring of all administrative activities on the Data Domain systems to facilitate rapid incident response.
8. Conduct security awareness training to mitigate insider threats and ensure administrators follow best practices when accessing critical infrastructure.
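To make the CWE-78 pattern behind this advisory concrete, here is an added example (hypothetical code, not Dell's DDSH implementation): a restricted management-CLI verb that wraps an OS binary, the hardened alternative that never hands the argument to a shell, and a check over constructed audit lines that supports mitigation items 1 and 6. The command name, the log format and all identifiers are assumptions.

```python
"""Hypothetical illustration, not Dell's DDSH code: a restricted management
CLI verb ("net ping <host>") wraps an OS binary, and the user's argument is
spliced into a shell string (CWE-78). Shown next to the hardened form
(allowlist + argv list, no shell) and an audit-log check for items 1 and 6."""
import re
import shlex

# Allowlist for a hostname or IPv4 literal (RFC 1123 character set).
HOST_RE = re.compile(r"^[A-Za-z0-9.-]{1,253}$")
# Characters a POSIX shell treats specially; none belong in a hostname.
SHELL_META = re.compile(r"[;&|`$(){}<>\\\n]")


def build_command_unsafe(host: str) -> str:
    """Vulnerable pattern: argument spliced into a string destined for
    'sh -c'. Any shell separator in the argument survives verbatim."""
    return f"ping -c 1 {host}"


def build_command_safe(host: str) -> list:
    """Hardened: validate against the allowlist, then return an argv list
    for subprocess.run(argv) so no shell ever parses the argument."""
    if not HOST_RE.fullmatch(host):
        raise ValueError(f"rejected host argument: {host!r}")
    return ["ping", "-c", "1", host]


def flag_cli_audit(lines):
    """Return users whose CLI arguments carried shell metacharacters or
    unbalanced quotes. Constructed line format:
    '<ts> user=<name> cmd="<noun> <verb> <args...>"'."""
    hits = []
    for line in lines:
        m = re.search(r'user=(\S+) cmd="([^"]*)"', line)
        if not m:
            continue
        user, cmd = m.groups()
        try:
            args = shlex.split(cmd)[2:]   # drop the "<noun> <verb>" tokens
        except ValueError:                # unbalanced quotes: flag it too
            hits.append(user)
            continue
        if any(SHELL_META.search(a) for a in args):
            hits.append(user)
    return hits


# Constructed sample audit lines (not real DD OS output).
SAMPLE_AUDIT = [
    '2025-08-04T14:47:38Z user=ops1 cmd="net ping backup01.example.net"',
    '2025-08-04T14:48:02Z user=ops2 cmd="net ping 10.0.0.5; echo injected"',
    '2025-08-04T14:49:11Z user=ops3 cmd="net ping $(echo 10.0.0.5)"',
]
```

The unsafe builder returns the spliced string unchanged, which is the whole defect; the safe builder rejects the same input before any process is spawned, and the audit check flags the two constructed lines whose arguments carry shell syntax.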
Affected Countries
Germany, United Kingdom, France, Netherlands, Italy, Spain, Sweden, Belgium, Poland, Switzerland
Technical Details
- Data Version: 5.1
- Assigner Short Name: dell
- Date Reserved: 2025-03-17T05:03:47.266Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 6890c80aad5a09ad00e1d6ca
Added to database: 8/4/2025, 2:47:38 PM
Last enriched: 8/4/2025, 3:03:53 PM
Last updated: 8/4/2025, 3:58:00 PM