CVE-2025-30099 is an OS command injection vulnerability classified under CWE-78, found in Dell PowerProtect Data Domain Feature Release versions 7.7.1.0 through 8.1.0.10, including LTS2023 and LTS2024 releases. The vulnerability resides in the DDSH CLI component, where insufficient sanitization of user-supplied input allows special characters to be interpreted by the operating system shell. This improper neutralization enables a low-privileged attacker with local access to inject and execute arbitrary OS commands with root-level privileges. The attack vector requires local access but no user interaction, increasing the risk in environments where multiple users have shell or CLI access. The vulnerability affects confidentiality, integrity, and availability, as attackers can execute commands that may lead to data exfiltration, system manipulation, or denial of service. Although no exploits have been observed in the wild yet, the high CVSS score of 7.8 reflects the significant risk posed by this flaw. Dell has not yet published patches, so mitigation currently relies on access restrictions and monitoring. The vulnerability was reserved in March 2025 and publicly disclosed in August 2025.

The impact of CVE-2025-30099 is substantial for organizations using affected Dell PowerProtect Data Domain systems. Successful exploitation grants attackers root-level command execution, enabling full control over the system. This can lead to unauthorized data access or exfiltration, manipulation or deletion of backup data, disruption of backup and recovery operations, and potential lateral movement within the network. Given that Data Domain systems are critical for data protection and disaster recovery, compromise could severely affect business continuity and data integrity. The requirement for local access limits remote exploitation but does not eliminate risk in environments with multiple users or insufficient access controls. The vulnerability threatens confidentiality, integrity, and availability, making it a critical concern for enterprises relying on these storage solutions.

Until official patches are released by Dell, organizations should implement strict access controls to limit local access to the DDSH CLI interface only to trusted administrators. Employ multi-factor authentication and robust user account management to reduce the risk of unauthorized local access. Monitor system logs and command execution traces for unusual activity indicative of exploitation attempts. Consider network segmentation to isolate Data Domain systems from less trusted users or networks. Disable or restrict CLI access where possible, and enforce the principle of least privilege. Once Dell releases patches, prioritize immediate deployment after testing in controlled environments. Additionally, maintain up-to-date backups and incident response plans to quickly recover from potential compromises.