CVE-2025-30099: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in Dell PowerProtect Data Domain Feature Release

High

VulnerabilityCVE-2025-30099cve cve-2025-30099 cwe-78

Published: Mon Aug 04 2025 (08/04/2025, 14:47:32 UTC)

Source: CVE Database V5

Vendor/Project: Dell

Product: PowerProtect Data Domain Feature Release

Description

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release versions 7.10.1.0 through 7.10.1.50, contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in the DDSH CLI. A low privileged attacker with local access could potentially exploit this vulnerability to execute arbitrary commands with root privileges.

Technical Details

Data Version: 5.1
Assigner Short Name: dell
Date Reserved: 2025-03-17T05:03:47.267Z
Cvss Version: 3.1
State: PUBLISHED

Threat ID: 6890cb8ead5a09ad00e1ea11

Added to database: 8/4/2025, 3:02:38 PM

Last updated: 8/4/2025, 3:02:38 PM

Related Threats

CVE-2025-30098: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in Dell PowerProtect Data Domain Feature Release

Medium

VulnerabilityMon Aug 04 2025

CVE-2025-51536: n/a

High

VulnerabilityMon Aug 04 2025

CVE-2025-44643: n/a

Unknown

VulnerabilityMon Aug 04 2025

CVE-2025-36594: CWE-290: Authentication Bypass by Spoofing in Dell PowerProtect Data Domain Feature Release

Critical

VulnerabilityMon Aug 04 2025

CVE-2025-30097: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in Dell PowerProtect Data Domain Feature Release

Medium

VulnerabilityMon Aug 04 2025

Actions

Please log in to the Console to use AI analysis features.

External Links

NVD Database MITRE CVE Reference 1 Search on Google

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

CVE-2025-30099: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in Dell PowerProtect Data Domain Feature Release

CVE-2025-30099: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in Dell PowerProtect Data Domain Feature Release

Description

Technical Details

Related Threats

CVE-2025-30098: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in Dell PowerProtect Data Domain Feature Release

CVE-2025-51536: n/a

CVE-2025-44643: n/a

CVE-2025-36594: CWE-290: Authentication Bypass by Spoofing in Dell PowerProtect Data Domain Feature Release

CVE-2025-30097: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in Dell PowerProtect Data Domain Feature Release

Actions

External Links

Need enhanced features?

Latest Threats

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility