CVE-2025-30098: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in Dell PowerProtect Data Domain Feature Release
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release versions 7.13.1.0 through 7.13.1.25, LTS 2023 release versions 7.10.1.0 through 7.10.1.50, contains an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in the DDSH CLI. A high-privileged attacker with local access could potentially exploit this vulnerability to execute arbitrary commands with root privileges.
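To triage an inventory against the ranges in the description above, the following added example (not Dell's or this page's code) classifies DD OS version strings. It assumes that the first three version fields identify an LTS train and that a version may carry a `-build` suffix; the hostnames and versions are constructed.

```python
import re

# Affected DD OS ranges, copied from the description above (inclusive bounds).
AFFECTED = {
    "Feature Release": ((7, 7, 1, 0), (8, 1, 0, 10)),
    "LTS2024": ((7, 13, 1, 0), (7, 13, 1, 25)),
    "LTS2023": ((7, 10, 1, 0), (7, 10, 1, 50)),
}
# Assumption: the first three fields identify an LTS train; anything else is
# treated as a Feature Release build.
LTS_TRAINS = {(7, 13, 1): "LTS2024", (7, 10, 1): "LTS2023"}
# Assumption: four dotted integers, optionally followed by "-build".
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)(?:-\S+)?", re.ASCII)


def classify(version_text):
    """Return (train, affected) for one DD OS version string."""
    match = VERSION_RE.fullmatch(version_text.strip())
    if match is None:
        raise ValueError(f"not a four-field DD OS version: {version_text!r}")
    version = tuple(int(field) for field in match.groups())
    # Pick the train first: the Feature Release range numerically spans the
    # LTS trains, so a plain range test would misjudge LTS builds.
    train = LTS_TRAINS.get(version[:3], "Feature Release")
    low, high = AFFECTED[train]
    return train, low <= version <= high


def audit(inventory):
    """Classify every host; unparsable versions are kept for manual review."""
    report = {}
    for host, version_text in inventory.items():
        try:
            report[host] = classify(version_text)
        except ValueError:
            report[host] = ("unknown", None)
    return report


# Constructed inventory (hostnames and versions are made up for the example).
SAMPLE_INVENTORY = {
    "dd-lab-01": "7.13.1.25",
    "dd-lab-02": "7.13.1.30",
    "dd-lab-03": "8.1.0.10-1100000",
    "dd-lab-04": "7.6.0.20",
    "dd-lab-05": "n/a",
}

if __name__ == "__main__":
    for host, (train, affected) in audit(SAMPLE_INVENTORY).items():
        print(f"{host:10} {train:16} affected={affected}")
```

A host reported as `unknown` needs its version checked by hand rather than being counted as unaffected.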
AI Analysis
Technical Summary
CVE-2025-30098 is an OS command injection vulnerability in Dell PowerProtect Data Domain systems running the Data Domain Operating System (DD OS) Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release versions 7.13.1.0 through 7.13.1.25, and LTS 2023 release versions 7.10.1.0 through 7.10.1.50. The vulnerability resides in the DDSH CLI (command-line interface), where improper neutralization of special elements in OS commands allows a high-privileged attacker with local access to inject arbitrary OS commands. Successful exploitation results in execution of arbitrary commands with root privileges, potentially compromising the confidentiality, integrity, and availability of the affected system.
The CVSS v3.1 base score is 6.7, indicating a medium severity level. The attack vector is local (AV:L), attack complexity is low (AC:L), high privileges are required (PR:H), and no user interaction is needed (UI:N). The scope is unchanged (S:U), and the impact on confidentiality, integrity, and availability is high (C:H/I:H/A:H).
No known exploits are currently reported in the wild, and no patches are linked in the provided data, suggesting that mitigation may require vendor updates or configuration changes. This vulnerability is of particular concern for environments relying on Dell PowerProtect Data Domain for backup and data protection, as root-level compromise can lead to data theft, destruction, or disruption of backup services.
Potential Impact
For European organizations, the impact of CVE-2025-30098 can be significant, especially for enterprises and service providers that use Dell PowerProtect Data Domain systems for critical backup and disaster recovery operations. A successful attack could lead to unauthorized access to sensitive backup data, manipulation or deletion of backups, and disruption of data protection workflows. This could result in data loss, regulatory non-compliance (e.g., GDPR violations), and operational downtime. Given the root-level access gained through exploitation, attackers could also establish persistent footholds or pivot to other parts of the network, increasing the risk of broader compromise. Organizations in sectors such as finance, healthcare, government, and critical infrastructure in Europe are particularly at risk due to their reliance on robust data protection and stringent regulatory requirements.
Mitigation Recommendations
1. Restrict local access to Dell PowerProtect Data Domain systems strictly to trusted administrators and monitor for unauthorized access attempts.
2. Implement strong authentication and access controls to limit high-privilege user accounts and regularly audit their usage.
3. Apply the latest patches and firmware updates from Dell as soon as they become available to address this vulnerability.
4. Employ command-line interface usage monitoring and anomaly detection to identify suspicious command injection attempts.
5. Use network segmentation to isolate backup infrastructure from general user networks, reducing the risk of local access by unauthorized users.
6. Conduct regular security assessments and penetration testing focusing on backup systems to detect potential exploitation paths.
7. Maintain comprehensive logging and alerting on the DDSH CLI usage to facilitate rapid incident response.
Affected Countries
Germany, United Kingdom, France, Netherlands, Italy, Spain, Sweden, Belgium
Technical Details
- Data Version: 5.1
- Assigner Short Name: dell
- Date Reserved: 2025-03-17T05:03:47.267Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 6890cb8ead5a09ad00e1ea0e
Added to database: 8/4/2025, 3:02:38 PM
Last enriched: 8/13/2025, 12:51:05 AM
Last updated: 10/30/2025, 10:33:01 AM