CVE-2025-29987
published 2025-04-03CVE-2025-29987: Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) versions prior to 8.3.0.15 contain an Insufficient Granularity of Access Control…
PriorityP261high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
EPSS
0.49%
38.4th percentile
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) versions prior to 8.3.0.15 contain an Insufficient Granularity of Access Control vulnerability. An authenticated user from a trusted remote client could exploit this vulnerability to execute arbitrary commands with root privileges.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| dell | data_domain_operating_system | >= 7.10.1.0 < 7.10.1.60 | 7.10.1.60 |
| dell | data_domain_operating_system | >= 7.13.1.0 < 7.13.1.25 | 7.13.1.25 |
| dell | data_domain_operating_system | >= 8.3.0.0 < 8.3.0.15 | 8.3.0.15 |
| dell | dd_os_7.10 | 7.10.1.0 – 7.10.1.50 | — |
| dell | dd_os_7.13 | 7.13.1.0 – 7.13.1.20 | — |
| dell | dd_os_8.3 | 7.7.1.0 – 8.3.0.10 | — |
| dell | powerprotect_data_domain | < 7.10.1.60 | 7.10.1.60 |
| dell | powerprotect_dm5500_firmware | >= 5.12 < 5.19.0.0 | 5.19.0.0 |
| dell | powerprotect_dp_series_appliance | >= N/A < 2.7.8 | 2.7.8 |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2025-04-03
Published