Skip to main content
DashboardThreatsMapFeedsAPI
reconnecting
Press slash or control plus K to focus the search. Use the arrow keys to navigate results and press enter to open a threat.
Reconnecting to live updates…

CVE-2025-36566: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release

0
Medium
VulnerabilityCVE-2025-36566cvecve-2025-36566cwe-78
Published: Tue Oct 07 2025 (10/07/2025, 19:44:11 UTC)
Source: CVE Database V5
Vendor/Project: Dell
Product: PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release

Description

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release versions 7.10.1.0 through 7.10.1.50, contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary command execution. Exploitation may allow privilege escalation to root.

AI-Powered Analysis

AILast updated: 10/07/2025, 20:16:05 UTC

Technical Analysis

CVE-2025-36566 is an OS command injection vulnerability categorized under CWE-78, found in Dell PowerProtect Data Domain systems running the Data Domain Operating System (DD OS). The affected versions include Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 releases 7.13.1.0 through 7.13.1.25, and LTS2023 releases 7.10.1.0 through 7.10.1.50. The vulnerability arises from improper neutralization of special elements in OS commands, allowing a high-privileged local attacker to inject arbitrary commands. This can lead to arbitrary command execution on the underlying operating system, enabling privilege escalation to root. The attack vector requires local access with high privileges but does not require user interaction. The vulnerability impacts confidentiality, integrity, and availability, as an attacker could manipulate or disrupt backup data and system operations. Although no public exploits are known, the potential for severe impact exists if exploited. The CVSS 3.1 base score of 6.7 reflects the medium severity, factoring in the requirement for local high privileges and the lack of user interaction. The absence of patch links suggests that remediation may require vendor updates or configuration changes once available.

Potential Impact

For European organizations, this vulnerability could have serious consequences, especially for enterprises relying on Dell PowerProtect Data Domain for backup and data protection. Successful exploitation could lead to unauthorized command execution with root privileges, compromising backup integrity and availability. This may result in data loss, disruption of backup services, and potential lateral movement within the network. Organizations in sectors with stringent data protection requirements, such as finance, healthcare, and critical infrastructure, could face regulatory and operational risks. The requirement for local high privileges limits remote exploitation but raises concerns if internal threat actors or compromised insiders exist. Additionally, disruption of backup systems could hinder recovery from ransomware or other cyberattacks, amplifying the impact. The medium severity rating suggests a moderate but non-trivial risk that should be addressed promptly to maintain data security and compliance.

Mitigation Recommendations

European organizations should implement the following specific mitigation steps: 1) Restrict and monitor local access to Dell PowerProtect Data Domain systems, ensuring only trusted administrators have high privileges. 2) Apply principle of least privilege rigorously to minimize the number of users with high-level access. 3) Monitor system logs and audit trails for unusual command executions or privilege escalations. 4) Segregate backup infrastructure networks to limit exposure and reduce risk of lateral movement. 5) Engage with Dell support to obtain and apply patches or firmware updates as soon as they become available. 6) If patches are not yet available, consider temporary compensating controls such as disabling or restricting vulnerable features or interfaces. 7) Conduct internal security awareness and training to prevent insider threats. 8) Regularly review and update incident response plans to include scenarios involving backup system compromise. These targeted actions go beyond generic advice by focusing on access control, monitoring, and vendor coordination specific to the affected product.

Need more detailed analysis?Get Pro

Technical Details

Data Version
5.1
Assigner Short Name
dell
Date Reserved
2025-04-15T21:29:33.584Z
Cvss Version
3.1
State
PUBLISHED

Threat ID: 68e57159a677756fc9a082fb

Added to database: 10/7/2025, 8:00:25 PM

Last enriched: 10/7/2025, 8:16:05 PM

Last updated: 10/8/2025, 5:41:34 AM

Views: 7

Community Reviews

0 reviews

Crowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.

Sort by
Loading community insights…

Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.

Actions

PRO

Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.

Please log in to the Console to use AI analysis features.

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

Latest Threats