CVE-2025-36569: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release versions 7.13.1.0 through 7.13.1.25, LTS 2023 release versions 7.10.1.0 through 7.10.1.50, contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability to execute arbitrary commands with root privileges.
AI Analysis
Technical Summary
CVE-2025-36569 is a vulnerability classified under CWE-78 (Improper Neutralization of Special Elements used in an OS Command, commonly known as OS Command Injection) affecting Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) Feature Release versions 7.7.1.0 through 8.1.0.10, as well as LTS2024 and LTS2023 releases within specified version ranges. The flaw arises from insufficient sanitization of input that is incorporated into OS commands, enabling a high-privileged local attacker to inject and execute arbitrary commands with root-level privileges. This can lead to full system compromise, allowing attackers to manipulate backup data, disrupt backup services, or pivot to other parts of the network. The vulnerability requires local access with high privileges, meaning remote exploitation is not feasible without prior access. The CVSS v3.1 score of 6.7 reflects a medium severity rating, balancing the high impact on confidentiality, integrity, and availability against the limited attack vector and required privileges. No public exploits or active exploitation have been reported to date. The absence of patch links suggests that a fix may be pending or in development, underscoring the need for vigilance and interim mitigations.
Potential Impact
The vulnerability could have severe consequences for organizations relying on Dell PowerProtect Data Domain systems for backup and disaster recovery. Successful exploitation allows attackers to execute arbitrary commands as root, potentially leading to unauthorized data access, data corruption, deletion of backup data, or disruption of backup and recovery operations. This undermines data integrity and availability, critical for business continuity and compliance with data protection regulations. Given the central role of these systems in safeguarding enterprise data, compromise could facilitate further lateral movement within networks, increasing the risk of broader breaches. The requirement for local high-privileged access limits the attack surface but does not eliminate risk, especially in environments with multiple administrators or where insider threats exist. The lack of known exploits reduces immediate risk but does not preclude future weaponization.
Mitigation Recommendations
Organizations should implement strict access controls to limit local administrative privileges on affected DD OS systems, ensuring only trusted personnel have such access. Monitoring and auditing of local user activity should be enhanced to detect suspicious command execution or privilege escalations. Until patches are released, consider isolating affected systems from less trusted network segments and employing host-based intrusion detection systems to identify anomalous behavior. Regularly review and harden system configurations to minimize attack vectors. Engage with Dell support to obtain updates on patch availability and apply security updates promptly once released. Additionally, conduct thorough backups of critical data and test recovery procedures to mitigate potential damage from exploitation. Employ network segmentation and zero-trust principles to reduce the impact of any local compromise.
Affected Countries
United States, Germany, United Kingdom, Canada, Australia, Japan, South Korea, France, Netherlands, Singapore
Technical Details
- Data Version: 5.1
- Assigner Short Name: dell
- Date Reserved: 2025-04-15T21:29:33.584Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 68e56dd5a677756fc9a02cd5
Added to database: 10/7/2025, 7:45:25 PM
Last enriched: 2/27/2026, 1:48:32 AM
Last updated: 3/24/2026, 12:57:58 PM