cbcvebase.
CVE-2025-29987
published 2025-04-03

CVE-2025-29987: Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) versions prior to 8.3.0.15 contain an Insufficient Granularity of Access Control…

PriorityP261high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
EPSS
0.49%
38.4th percentile
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) versions prior to 8.3.0.15 contain an Insufficient Granularity of Access Control vulnerability. An authenticated user from a trusted remote client could exploit this vulnerability to execute arbitrary commands with root privileges.

Affected

9 ranges
VendorProductVersion rangeFixed in
delldata_domain_operating_system>= 7.10.1.0 < 7.10.1.607.10.1.60
delldata_domain_operating_system>= 7.13.1.0 < 7.13.1.257.13.1.25
delldata_domain_operating_system>= 8.3.0.0 < 8.3.0.158.3.0.15
delldd_os_7.107.10.1.0 – 7.10.1.50
delldd_os_7.137.13.1.0 – 7.13.1.20
delldd_os_8.37.7.1.0 – 8.3.0.10
dellpowerprotect_data_domain< 7.10.1.607.10.1.60
dellpowerprotect_dm5500_firmware>= 5.12 < 5.19.0.05.19.0.0
dellpowerprotect_dp_series_appliance>= N/A < 2.7.82.7.8
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.