CVE-2025-30099: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in Dell PowerProtect Data Domain Feature Release

Severity: High
Type: Vulnerability
Tags: CVE-2025-30099, cve, cve-2025-30099, cwe-78
Published: Mon Aug 04 2025 (08/04/2025, 14:47:32 UTC)
Source: CVE Database V5
Vendor/Project: Dell
Product: PowerProtect Data Domain Feature Release

Description

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release versions 7.10.1.0 through 7.10.1.50, contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in the DDSH CLI. A low privileged attacker with local access could potentially exploit this vulnerability to execute arbitrary commands with root privileges.

AI-Powered Analysis

Last updated: 08/13/2025, 00:51:24 UTC

Technical Analysis

CVE-2025-30099 is a high-severity OS command injection vulnerability affecting Dell PowerProtect Data Domain systems running specific versions of the Data Domain Operating System (DD OS). The affected versions include Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 releases 7.13.1.0 through 7.13.1.25, and LTS2023 releases 7.10.1.0 through 7.10.1.50. The vulnerability resides in the DDSH CLI (Data Domain Shell Command Line Interface), where improper neutralization of special elements in OS commands allows a low-privileged local attacker to execute arbitrary commands with root privileges. This occurs due to insufficient sanitization of user input before it is passed to the underlying operating system shell, classified under CWE-78 (Improper Neutralization of Special Elements used in an OS Command). The CVSS v3.1 base score is 7.8, reflecting high severity with attack vector local (AV:L), low attack complexity (AC:L), requiring low privileges (PR:L), no user interaction (UI:N), unchanged scope (S:U), and high impact on confidentiality, integrity, and availability (C:H/I:H/A:H). Although no known exploits are reported in the wild yet, the vulnerability poses a significant risk because exploitation leads to full root-level command execution, potentially compromising the entire system and any data stored or processed by it. Given that Dell PowerProtect Data Domain is widely used for enterprise backup and data protection, successful exploitation could allow attackers to manipulate backup data, disrupt backup operations, or pivot to other parts of the network.

Potential Impact

For European organizations, this vulnerability presents a critical risk to data integrity and availability, especially for enterprises relying on Dell PowerProtect Data Domain for backup and disaster recovery. Compromise of these systems could lead to unauthorized access to sensitive backup data, data corruption, or deletion, undermining business continuity and compliance with data protection regulations such as GDPR. The root-level access gained by exploiting this vulnerability could also enable attackers to install persistent malware, exfiltrate data, or disrupt backup services, potentially causing significant operational and reputational damage. Organizations in sectors with stringent data protection requirements, such as finance, healthcare, and government, are particularly vulnerable. Additionally, the local access requirement means that attackers would need some level of internal access or foothold, which could be achieved through phishing, insider threats, or lateral movement after initial compromise. This elevates the importance of internal network security and monitoring.

Mitigation Recommendations

1. Immediate patching: Organizations should prioritize applying vendor-supplied patches or updates as soon as they become available for the affected DD OS versions.
2. Access control hardening: Restrict local access to the DDSH CLI to trusted administrators only, using strong authentication mechanisms and role-based access controls.
3. Network segmentation: Isolate backup infrastructure from general user networks to minimize the risk of an attacker gaining local access.
4. Monitoring and auditing: Enable detailed logging and monitoring of DDSH CLI usage and system commands to detect suspicious activities indicative of exploitation attempts.
5. Least privilege principle: Limit user privileges on backup systems to the minimum necessary, reducing the potential impact of compromised accounts.
6. Incident response readiness: Prepare and test incident response plans specifically for backup infrastructure compromise scenarios.
7. User training: Educate administrators on the risks of command injection vulnerabilities and safe operational practices to avoid inadvertent exposure.
8. Temporary workarounds: If patches are delayed, consider disabling or restricting access to the vulnerable CLI components where feasible, or implementing input validation proxies if possible.
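To prioritize patching (item 1), an inventory of DD OS versions can be checked against the affected ranges given in the description. This is an added example, not Dell tooling. It assumes that any 7.10.1.x or 7.13.1.x build belongs to the corresponding LTS train, that builds above the listed upper bound of a train are not affected, and that version strings may carry an optional `-<build>` suffix; the hostnames and inventory are constructed.

```python
import re

# Affected DD OS ranges as listed in the advisory (inclusive bounds).
# Assumption: any 7.10.1.x / 7.13.1.x build belongs to that LTS train.
LTS_TRAINS = {
    (7, 10, 1): ("LTS2023", 0, 50),  # 7.10.1.0 through 7.10.1.50
    (7, 13, 1): ("LTS2024", 0, 25),  # 7.13.1.0 through 7.13.1.25
}
FEATURE_RANGE = ((7, 7, 1, 0), (8, 1, 0, 10))  # 7.7.1.0 through 8.1.0.10

# Assumption: an optional "-<build>" suffix may follow the four fields.
VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)\.(\d+)(?:-\d+)?$")


def parse_version(text):
    """Return a 4-tuple of ints; an optional '-<build>' suffix is ignored."""
    match = VERSION_RE.match(text.strip())
    if not match:
        raise ValueError(f"unrecognised DD OS version: {text!r}")
    return tuple(int(part) for part in match.groups())


def classify(version_text):
    """Return (release_train, affected) for one DD OS version string."""
    version = parse_version(version_text)
    train = LTS_TRAINS.get(version[:3])
    if train:
        # LTS trains sit numerically inside the Feature Release range, so
        # they are matched first or later LTS builds would be misreported.
        name, low, high = train
        return name, low <= version[3] <= high
    low, high = FEATURE_RANGE
    return "Feature Release", low <= version <= high


# Constructed inventory; hostnames and versions are illustrative only.
INVENTORY = {
    "dd-backup-01": "7.13.1.20", "dd-backup-02": "7.13.1.30",
    "dd-backup-03": "8.1.0.10", "dd-backup-04": "7.10.1.60",
    "dd-backup-05": "8.3.0.0", "dd-backup-06": "7.6.0.5",
}


def triage(inventory):
    """Map each host to (version, train, affected), sorted by hostname."""
    return {h: (v, *classify(v)) for h, v in sorted(inventory.items())}


if __name__ == "__main__":
    for host, (ver, train, hit) in triage(INVENTORY).items():
        print(f"{host:14} {ver:12} {train:16} {'AFFECTED' if hit else 'ok'}")
```

A plain numeric comparison against 7.7.1.0 through 8.1.0.10 would flag 7.13.1.30 and 7.10.1.60 as affected, which is why the LTS trains are checked first; confirm the fixed builds against Dell's own advisory before closing a finding.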


Technical Details

Data Version: 5.1
Assigner Short Name: dell
Date Reserved: 2025-03-17T05:03:47.267Z
Cvss Version: 3.1
State: PUBLISHED

Threat ID: 6890cb8ead5a09ad00e1ea11

Added to database: 8/4/2025, 3:02:38 PM

Last enriched: 8/13/2025, 12:51:24 AM

Last updated: 9/15/2025, 8:45:00 PM
