CVE-2025-29987 — Insufficient Granularity of Access Control in Dell Powerprotect DP Series Appliance

CWE-1220 — Insufficient Granularity of Access Control3 documents3 sources

Severity

8.8HIGHNVD

EPSS

0.4%

top 38.48%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dell Powerprotect DP Series Appliance Dell Data Domain Operating System Dell Powerprotect Data Domain +4 more

Timeline

PublishedApr 3

Description

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) versions prior to 8.3.0.15 contain an Insufficient Granularity of Access Control vulnerability. An authenticated user from a trusted remote client could exploit this vulnerability to execute arbitrary commands with root privileges.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages7 packages

▶NVDdell/data_domain_operating_system7.10.1.0 — 7.10.1.60+2

▶NVDdell/powerprotect_data_domain< 7.10.1.60

▶NVDdell/powerprotect_dm5500_firmware5.12 — 5.19.0.0

▶CVEListV5dell/powerprotect_dp_series_applianceN/A — 2.7.8

▶CVEListV5dell/dd_os_8.37.7.1.0 — 8.3.0.10

🔴Vulnerability Details

CVEList

CVE-2025-29987: Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) versions prior to 8↗2025-04-03

▶

GHSA

GHSA-5gr5-vwj6-rq22: Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) versions prior to 8↗2025-04-03

▶