CVE-2025-36566: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release versions 7.13.1.0 through 7.13.1.25, and LTS2023 release versions 7.10.1.0 through 7.10.1.50 contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high-privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary command execution. Exploitation may allow privilege escalation to root.
AI Analysis
Technical Summary
CVE-2025-36566 is an OS command injection vulnerability categorized under CWE-78, found in Dell PowerProtect Data Domain systems running the Data Domain Operating System (DD OS). The affected versions include Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 releases 7.13.1.0 through 7.13.1.25, and LTS2023 releases 7.10.1.0 through 7.10.1.50. The vulnerability arises from improper neutralization of special elements in OS commands, allowing a high-privileged local attacker to inject arbitrary commands. This can lead to arbitrary command execution on the underlying operating system, enabling privilege escalation to root. The attack vector requires local access with high privileges but does not require user interaction. The vulnerability impacts confidentiality, integrity, and availability, as an attacker could manipulate or disrupt backup data and system operations. Although no public exploits are known, the potential for severe impact exists if exploited. The CVSS 3.1 base score of 6.7 reflects the medium severity, factoring in the requirement for local high privileges and the lack of user interaction. The absence of patch links suggests that remediation may require vendor updates or configuration changes once available.
Potential Impact
For European organizations, this vulnerability could have serious consequences, especially for enterprises relying on Dell PowerProtect Data Domain for backup and data protection. Successful exploitation could lead to unauthorized command execution with root privileges, compromising backup integrity and availability. This may result in data loss, disruption of backup services, and potential lateral movement within the network. Organizations in sectors with stringent data protection requirements, such as finance, healthcare, and critical infrastructure, could face regulatory and operational risks. The requirement for local high privileges limits remote exploitation but raises concerns if internal threat actors or compromised insiders exist. Additionally, disruption of backup systems could hinder recovery from ransomware or other cyberattacks, amplifying the impact. The medium severity rating suggests a moderate but non-trivial risk that should be addressed promptly to maintain data security and compliance.
Mitigation Recommendations
European organizations should implement the following specific mitigation steps:
1) Restrict and monitor local access to Dell PowerProtect Data Domain systems, ensuring only trusted administrators have high privileges.
2) Apply the principle of least privilege rigorously to minimize the number of users with high-level access.
3) Monitor system logs and audit trails for unusual command executions or privilege escalations.
4) Segregate backup infrastructure networks to limit exposure and reduce the risk of lateral movement.
5) Engage with Dell support to obtain and apply patches or firmware updates as soon as they become available.
6) If patches are not yet available, consider temporary compensating controls such as disabling or restricting vulnerable features or interfaces.
7) Conduct internal security awareness and training to prevent insider threats.
8) Regularly review and update incident response plans to include scenarios involving backup system compromise.
These targeted actions go beyond generic advice by focusing on access control, monitoring, and vendor coordination specific to the affected product.
Affected Countries
Germany, United Kingdom, France, Netherlands, Italy, Spain, Sweden, Belgium
Technical Details
- Data Version: 5.1
- Assigner Short Name: dell
- Date Reserved: 2025-04-15T21:29:33.584Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 68e57159a677756fc9a082fb
Added to database: 10/7/2025, 8:00:25 PM
Last enriched: 10/7/2025, 8:16:05 PM
Last updated: 10/8/2025, 5:41:34 AM