CVE-2025-30097: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in Dell PowerProtect Data Domain Feature Release
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release versions 7.13.1.0 through 7.13.1.25, LTS 2023 release versions 7.10.1.0 through 7.10.1.50, contains an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in the DDSH CLI. A high-privileged attacker with local access could potentially exploit this vulnerability to execute arbitrary commands with root privileges.
AI Analysis
Technical Summary
CVE-2025-30097 is a vulnerability classified under CWE-78 (Improper Neutralization of Special Elements used in an OS Command), commonly known as OS command injection. It affects Dell PowerProtect Data Domain systems running Data Domain Operating System (DD OS) Feature Release versions from 7.7.1.0 through 8.1.0.10, as well as LTS2024 and LTS2023 releases within specified version ranges. The vulnerability resides in the DDSH CLI, a command-line interface used for system management. Due to improper sanitization of input, a high-privileged attacker with local access can inject malicious OS commands, which are executed with root-level privileges. This can lead to full system compromise, including unauthorized data access, modification, or destruction, and potentially pivoting to other network assets. The CVSS v3.1 score of 6.7 reflects a medium severity rating, with attack vector local (AV:L), low attack complexity (AC:L), high privileges required (PR:H), no user interaction (UI:N), and high impact on confidentiality, integrity, and availability (C:H/I:H/A:H). No patches were linked at the time of reporting, and no active exploitation has been observed in the wild. The vulnerability underscores the importance of secure input validation in CLI tools, especially those running with elevated privileges in critical backup and storage infrastructure.
Potential Impact
If exploited, this vulnerability allows a high-privileged local attacker to execute arbitrary commands as root, leading to complete system compromise. This can result in unauthorized access to sensitive backup data, data corruption or deletion, disruption of backup services, and potential lateral movement within the network. Organizations relying on Dell PowerProtect Data Domain for data protection and storage could face data loss, operational downtime, and regulatory compliance violations. The impact extends to confidentiality, integrity, and availability of critical backup infrastructure. Given the root-level access gained, attackers could also implant persistent backdoors or disrupt recovery capabilities, severely affecting disaster recovery plans. Although exploitation requires local access and high privileges, insider threats or attackers who have already compromised administrative accounts pose a significant risk. The lack of known exploits in the wild currently reduces immediate risk but does not eliminate the threat, especially as exploit code could be developed and weaponized in the future.
Mitigation Recommendations
Organizations should immediately review and restrict local administrative access to Dell PowerProtect Data Domain systems, ensuring only trusted personnel have high-privilege accounts. Implement strict access controls and monitoring of DDSH CLI usage to detect anomalous command executions. Apply the principle of least privilege to limit the number of users with root-level access. Monitor system logs for suspicious activity indicative of command injection attempts. Dell should be contacted for official patches or updates addressing this vulnerability; once available, promptly apply them to affected systems. In the interim, consider disabling or restricting access to the vulnerable DDSH CLI functionality if feasible. Conduct regular security audits and vulnerability assessments on backup infrastructure. Employ network segmentation to isolate backup appliances from general user networks, reducing the risk of local access by unauthorized users. Maintain up-to-date backups and test recovery procedures to mitigate potential damage from exploitation.
Affected Countries
United States, Germany, United Kingdom, France, Japan, Australia, Canada, Netherlands, South Korea, Singapore
Technical Details
- Data Version: 5.1
- Assigner Short Name: dell
- Date Reserved: 2025-03-17T05:03:47.267Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 6890c80aad5a09ad00e1d6cd
Added to database: 8/4/2025, 2:47:38 PM
Last enriched: 2/27/2026, 1:27:40 AM
Last updated: 3/21/2026, 5:00:16 AM