CVE-2025-36566: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release versions 7.13.1.0 through 7.13.1.25, and LTS2023 release versions 7.10.1.0 through 7.10.1.50 contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high-privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary command execution. Exploitation may allow privilege escalation to root.
AI Analysis
Technical Summary
CVE-2025-36566 is an OS command injection flaw (CWE-78, Improper Neutralization of Special Elements used in an OS Command) in Dell PowerProtect Data Domain systems running Data Domain Operating System (DD OS) versions 7.7.1.0 through 8.1.0.10, including the LTS2024 and LTS2023 release lines listed above. Because special characters or elements in command inputs are not sufficiently sanitized, a high-privileged local attacker can inject additional commands into an OS command built by the affected component. The injected commands run with the privileges of the process that executes them, which can lead to privilege escalation to root. The attack vector requires local access and high privileges, and no user interaction is needed. The vulnerability affects confidentiality, integrity, and availability, since arbitrary command execution can expose sensitive data, alter system configuration, or disrupt services. No public exploits have been reported; the medium CVSS score of 6.7 reflects the local, high-privilege preconditions, but the impact is significant in environments where an attacker already has, or can obtain, elevated local access. With no patch available at the time of reporting, mitigation is needed immediately to reduce exposure.
Potential Impact
The vulnerability poses a serious risk to organizations relying on Dell PowerProtect Data Domain systems for data backup and storage, as successful exploitation can lead to full system compromise. Attackers with high privileges and local access could execute arbitrary commands, potentially leading to unauthorized data access, data corruption, or disruption of backup services. Privilege escalation to root could allow attackers to bypass security controls, install persistent malware, or pivot to other parts of the network. This could result in data breaches, loss of data integrity, and significant operational downtime. Given the critical role of data protection appliances in enterprise environments, exploitation could severely impact business continuity and regulatory compliance. The absence of known exploits in the wild reduces immediate risk but does not eliminate the threat, especially in environments where insider threats or compromised credentials exist.
Mitigation Recommendations
Organizations should immediately restrict local access to Dell PowerProtect Data Domain systems to trusted administrators only, enforcing strict access controls and monitoring. Implement robust logging and alerting to detect unusual command executions or privilege escalations on the appliance. Until patches are released, consider isolating affected systems from less trusted network segments to reduce the attack surface. Audit user privileges regularly and remove unnecessary high-privilege accounts. Employ application allowlisting or command filtering where possible to prevent execution of unauthorized commands. Monitor Dell's security advisories for patch availability and apply updates promptly once released. Finally, ensure incident response readiness so that any signs of exploitation can be addressed quickly.
Affected Countries
United States, Germany, United Kingdom, Canada, Australia, France, Japan, South Korea, Netherlands, Singapore
Technical Details
- Data Version: 5.1
- Assigner Short Name: dell
- Date Reserved: 2025-04-15T21:29:33.584Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 68e57159a677756fc9a082fb
Added to database: 10/7/2025, 8:00:25 PM
Last enriched: 2/27/2026, 1:48:05 AM
Last updated: 3/26/2026, 11:12:42 AM