CVE-2025-30097: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in Dell PowerProtect Data Domain Feature Release

Severity: Medium
Type: Vulnerability
Tags: cve, cve-2025-30097, cwe-78
Published: Mon Aug 04 2025 (08/04/2025, 14:38:04 UTC)
Source: CVE Database V5
Vendor/Project: Dell
Product: PowerProtect Data Domain Feature Release

Description

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release versions 7.13.1.0 through 7.13.1.25, LTS2023 release versions 7.10.1.0 through 7.10.1.50, contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in the DDSH CLI. A high privileged attacker with local access could potentially exploit this vulnerability to execute arbitrary commands with root privileges.

AI-Powered Analysis

Last updated: 08/13/2025, 00:50:46 UTC

Technical Analysis

CVE-2025-30097 is an OS command injection vulnerability classified under CWE-78. It affects Dell PowerProtect Data Domain systems running specific versions of the Data Domain Operating System (DD OS): Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 releases 7.13.1.0 through 7.13.1.25, and LTS2023 releases 7.10.1.0 through 7.10.1.50.

The vulnerability resides in the DDSH CLI (Data Domain Shell Command Line Interface), where improper neutralization of special elements in OS commands allows a high-privileged attacker with local access to inject arbitrary OS commands. The root cause is improper sanitization of input in the CLI, which lets injected shell commands execute with root privileges. Successful exploitation can compromise the confidentiality, integrity, and availability of the affected system, leading to full system compromise, data exfiltration, or disruption of backup and recovery operations that rely on PowerProtect Data Domain appliances.

The CVSS v3.1 base score is 6.7, reflecting a medium severity level, with attack vector local (AV:L), low attack complexity (AC:L), high privileges required (PR:H), no user interaction (UI:N), unchanged scope (S:U), and high impact on confidentiality, integrity, and availability (C:H/I:H/A:H).

No known exploits are currently reported in the wild, and no patches are linked in the provided data, indicating that mitigation may require vendor updates or configuration changes. The vulnerability is of particular concern in environments where an attacker can obtain local access, such as through compromised credentials or insider threats.

Potential Impact

For European organizations, this vulnerability poses a significant risk, especially for enterprises relying on Dell PowerProtect Data Domain appliances for backup and data protection. Exploitation could lead to unauthorized root-level command execution, resulting in data breaches, loss of data integrity, or denial of backup services. This is particularly critical for sectors with stringent data protection regulations such as GDPR, where data confidentiality and integrity are paramount. Disruption or compromise of backup infrastructure can severely impact business continuity and incident recovery capabilities. Given the high privileges required, the threat is more relevant in scenarios where attackers have already gained local access, such as through compromised administrative credentials or insider threats. The medium CVSS score suggests moderate ease of exploitation but high impact, emphasizing the need for vigilance in access control and monitoring. Organizations in finance, healthcare, government, and critical infrastructure sectors in Europe, which heavily depend on secure backup solutions, could face operational and compliance risks if this vulnerability is exploited.

Mitigation Recommendations

1. Immediate mitigation should focus on restricting local access to the affected Dell PowerProtect Data Domain systems, enforcing strict access controls, and monitoring for unusual CLI activity.
2. Apply any available vendor patches or updates as soon as they are released; regularly check Dell’s security advisories for updates related to this CVE.
3. Implement multi-factor authentication (MFA) for administrative access to reduce the risk of credential compromise.
4. Employ network segmentation to isolate backup appliances from general user networks, limiting potential attack vectors.
5. Conduct regular audits of user accounts and privileges on the affected systems to ensure that only necessary personnel have high-level access.
6. Enable and review detailed logging of CLI commands and system activities to detect potential exploitation attempts early.
7. Consider deploying host-based intrusion detection systems (HIDS) on these appliances if supported, to alert on suspicious command executions.
8. Train administrators on secure usage of the DDSH CLI and the risks of command injection vulnerabilities.
9. As a longer-term strategy, evaluate alternative backup solutions or additional layers of security controls to mitigate risks associated with local privilege escalation vulnerabilities.
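One way to carry out the CLI log review recommended in items 1 and 6, shown as an added example that is not part of the original analysis or any Dell tooling: it flags logged commands containing shell metacharacters and keeps unparsable lines for manual review. The log line format, account names and command names are constructed placeholders, not DDSH syntax or the DD OS audit format.

```python
import re
from collections import Counter

# Sequences a shell treats as control operators, redirections or substitutions.
SHELL_META = re.compile(r";|\|\||&&|\||&|`|\$\(|\$\{|>|<")
# Assumed (hypothetical) audit line: <ISO time> user=<name> cmd="<text>"
AUDIT_LINE = re.compile(r'^(?P<ts>\S+) user=(?P<user>\S+) cmd="(?P<cmd>.*)"$')

# Constructed sample data; command names are placeholders, not DDSH commands.
SAMPLE_LOG = """\
2025-08-05T09:14:02Z user=sysadmin cmd="report show daily"
2025-08-05T09:15:40Z user=backupop cmd="report show weekly"
2025-08-05T09:17:11Z user=sysadmin cmd="report show daily; id"
2025-08-05T09:18:55Z user=sysadmin cmd="report export name-$(hostname)"
2025-08-05T09:19:30Z truncated or malformed entry
"""

def scan(log_text):
    """Return (findings, unparsed): flagged commands and lines that did not parse."""
    findings, unparsed = [], []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        m = AUDIT_LINE.match(line)
        if m is None:
            unparsed.append(line)  # keep for review: a broken entry can hide a command
            continue
        tokens = sorted(set(SHELL_META.findall(m["cmd"])))
        if tokens:
            findings.append({"ts": m["ts"], "user": m["user"],
                             "cmd": m["cmd"], "tokens": tokens})
    return findings, unparsed

def per_user(findings):
    """Count flagged commands per account to prioritise the review."""
    return Counter(f["user"] for f in findings)

if __name__ == "__main__":
    hits, bad = scan(SAMPLE_LOG)
    for h in hits:
        print(f'{h["ts"]} {h["user"]} tokens={h["tokens"]} cmd={h["cmd"]!r}')
    print("per user:", dict(per_user(hits)), "| unparsed lines:", len(bad))
```

A match is a prompt for review, not proof of exploitation; the pattern set should be tuned to whatever characters legitimate commands on the appliance actually use.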

Technical Details

Data Version: 5.1
Assigner Short Name: dell
Date Reserved: 2025-03-17T05:03:47.267Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 6890c80aad5a09ad00e1d6cd

Added to database: 8/4/2025, 2:47:38 PM

Last enriched: 8/13/2025, 12:50:46 AM

Last updated: 9/16/2025, 4:50:14 PM
