CVE-2025-30097: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in Dell PowerProtect Data Domain Feature Release
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release versions 7.13.1.0 through 7.13.1.25, LTS 2023 release versions 7.10.1.0 through 7.10.1.50, contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in the DDSH CLI. A high privileged attacker with local access could potentially exploit this vulnerability to execute arbitrary commands with root privileges.
AI Analysis
Technical Summary
CVE-2025-30097 is an OS Command Injection vulnerability (CWE-78) found in Dell PowerProtect Data Domain's Data Domain Operating System (DD OS) across multiple Feature Release versions (7.7.1.0 through 8.1.0.10), as well as LTS2024 and LTS2023 releases. The vulnerability resides specifically in the DDSH CLI, which is used for command-line management of the system. Improper neutralization of special elements in OS commands allows a high-privileged attacker with local access to inject arbitrary commands. Successful exploitation enables execution of arbitrary commands with root privileges, potentially compromising the confidentiality, integrity, and availability of the affected system. The vulnerability requires local access and high privileges to exploit, and no user interaction is needed once access is obtained. The CVSS v3.1 base score is 6.7 (medium severity), reflecting the combination of local attack vector, low attack complexity, high privileges required, and high impact on confidentiality, integrity, and availability. No known exploits are currently reported in the wild, and no patch links are provided in the data, indicating that mitigation may require vendor updates or configuration changes. This vulnerability is particularly significant for environments relying on Dell PowerProtect Data Domain for data backup and recovery, as root-level compromise could lead to data theft, destruction, or disruption of backup services.
Potential Impact
For European organizations, this vulnerability poses a significant risk to data protection and business continuity, especially for enterprises and service providers using Dell PowerProtect Data Domain for backup and disaster recovery. Exploitation could lead to unauthorized access to sensitive backup data, manipulation or deletion of backups, and potential disruption of recovery operations. This is particularly concerning given the strict data protection regulations in Europe, such as GDPR, where data breaches can result in heavy fines and reputational damage. The requirement for local high-privileged access somewhat limits remote exploitation, but insider threats or attackers who gain privileged access through other means could leverage this vulnerability to escalate privileges and compromise critical backup infrastructure. The impact extends to sectors with high data sensitivity and regulatory requirements, including finance, healthcare, government, and critical infrastructure. Furthermore, disruption or compromise of backup systems can severely affect incident response and recovery capabilities, increasing downtime and operational risk.
Mitigation Recommendations
1. Immediate mitigation should include restricting local access to the DDSH CLI interface to only trusted administrators and monitoring for any unusual command-line activity.
2. Implement strict access controls and multi-factor authentication for administrative accounts to reduce the risk of privilege escalation.
3. Regularly audit and review user privileges to ensure that only necessary personnel have high-level access.
4. Apply vendor-released patches or updates as soon as they become available; engage with Dell support to obtain timelines and interim mitigation guidance.
5. Employ host-based intrusion detection systems (HIDS) to detect suspicious command execution patterns on affected systems.
6. Consider network segmentation to isolate backup infrastructure from general user networks, minimizing the risk of local access by unauthorized users.
7. Maintain comprehensive logging and monitoring of all administrative actions on PowerProtect Data Domain systems to facilitate rapid detection and response.
8. Conduct security awareness training focused on insider threat risks and secure handling of privileged credentials.

These measures go beyond generic advice by focusing on access restriction, monitoring, and proactive vendor engagement tailored to the specific environment of Dell PowerProtect Data Domain deployments.
Affected Countries
Germany, United Kingdom, France, Netherlands, Italy, Spain, Sweden, Belgium
Technical Details
- Data Version: 5.1
- Assigner Short Name: dell
- Date Reserved: 2025-03-17T05:03:47.267Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 6890c80aad5a09ad00e1d6cd
Added to database: 8/4/2025, 2:47:38 PM
Last enriched: 8/4/2025, 3:03:35 PM
Last updated: 8/4/2025, 3:03:35 PM
Related Threats
- CVE-2025-8516: Path Traversal in Kingdee Cloud-Starry-Sky Enterprise Edition (Medium)
- CVE-2025-5988: Cross-Site Request Forgery (CSRF) in Red Hat Red Hat Ansible Automation Platform 2 (Medium)
- CVE-2025-30099: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in Dell PowerProtect Data Domain Feature Release (High)
- CVE-2025-30098: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in Dell PowerProtect Data Domain Feature Release (Medium)
- CVE-2025-51536: n/a (Critical)