Dell Data Domain Operating System vulnerabilities

47 known vulnerabilities affecting dell/data_domain_operating_system.

Total CVEs

CISA KEV

Public exploits

Exploited in wild

Severity breakdown

CRITICAL1HIGH16MEDIUM28LOW2

Vulnerabilities

Page 2 of 3

CVE-2025-45375MEDIUMCVSS 4.4≥ 7.7.1.0, < 7.10.1.70≥ 7.13.1.0, < 7.13.1.40+2 more2025-10-07

CVE-2025-45375 [MEDIUM] CWE-121 CVE-2025-45375: Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2025 release version 8.3.1.0, LTS2024 release versions 7.13.1.0 through 7.13.1.30, LTS 2023 release versions 7.10.1.0 through 7.10.1.60, contain a Stack-based Buffer Overflow vulnerability. A high privileged attacker with l

nvd

CVE-2025-43913MEDIUMCVSS 6.5≥ 7.7.1.0, < 7.10.1.70≥ 7.13.1.0, < 7.13.1.40+2 more2025-10-07

CVE-2025-43913 [MEDIUM] CWE-327 CVE-2025-43913: Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2025 release version 8.3.1.0, LTS2024 release versions 7.13.1.0 through 7.13.1.30, LTS 2023 release versions 7.10.1.0 through 7.10.1.60, contain an Use of a Broken or Risky Cryptographic Algorithm vulnerability in the DDOS.

nvd

CVE-2025-43934MEDIUMCVSS 6.0≥ 7.7.1.0, < 7.10.1.70≥ 7.13.1.0, < 7.13.1.40+2 more2025-10-07

CVE-2025-43934 [MEDIUM] CWE-22 CVE-2025-43934: Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2025 release version 8.3.1.0, LTS2024 release versions 7.13.1.0 through 7.13.1.30, LTS 2023 release versions 7.10.1.0 through 7.10.1.60, contain an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal

nvd

CVE-2025-36567MEDIUMCVSS 6.7≥ 7.7.1.0, < 7.10.1.60≥ 7.13.1.0, < 7.13.1.30+1 more2025-10-07

CVE-2025-36567 [MEDIUM] CWE-78 CVE-2025-36567: Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release versions 7.10.1.0 through 7.10.1.50, contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A h

nvd

CVE-2025-36594CRITICALCVSS 9.8≥ 7.7.1.0, < 7.10.1.70≥ 7.13.1.0, < 7.13.1.30+1 more2025-08-04

CVE-2025-36594 [CRITICAL] CWE-290 CVE-2025-36594: Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release versions 7.10.1.0 through 7.10.1.60, contain an Authentication Bypass by Spoofing vulnerability. An unauthenticated attacker with remote access could pote

nvd

CVE-2025-30099HIGHCVSS 7.8≥ 7.7.1.0, < 7.10.1.60≥ 7.11.0.0, < 7.13.1.30+1 more2025-08-04

CVE-2025-30099 [HIGH] CWE-78 CVE-2025-30099: Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release versions 7.10.1.0 through 7.10.1.50, contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in the

nvd

CVE-2025-30096MEDIUMCVSS 6.7≥ 7.7.1.0, < 7.10.1.60≥ 7.11.0.0, < 7.13.1.30+1 more2025-08-04

CVE-2025-30096 [MEDIUM] CWE-78 CVE-2025-30096: Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release versions 7.10.1.0 through 7.10.1.50, contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in t

nvd

CVE-2025-30097MEDIUMCVSS 6.7≥ 7.7.1.0, < 7.10.1.60≥ 7.11.0.0, < 7.13.1.30+1 more2025-08-04

CVE-2025-30097 [MEDIUM] CWE-78 CVE-2025-30097: Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release versions 7.10.1.0 through 7.10.1.50, contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in t

nvd

CVE-2025-30098MEDIUMCVSS 6.7≥ 7.7.1.0, < 7.10.1.60≥ 7.11.0.0, < 7.13.1.30+1 more2025-08-04

CVE-2025-30098 [MEDIUM] CWE-78 CVE-2025-30098: Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release versions 7.10.1.0 through 7.10.1.50, contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in t

nvd

CVE-2025-29987HIGHCVSS 8.8≥ 7.10.1.0, < 7.10.1.60≥ 7.13.1.0, < 7.13.1.25+1 more2025-04-03

CVE-2025-29987 [HIGH] CWE-1220 CVE-2025-29987: Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) versions prior to 8.3.0.15 c Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) versions prior to 8.3.0.15 contain an Insufficient Granularity of Access Control vulnerability. An authenticated user from a trusted remote client could exploit this vulnerability to execute arbitrary commands with root privileges.

nvd

CVE-2025-22475HIGHCVSS 7.5≥ 7.10.1.0, < 7.10.1.50≥ 7.13.1.0, < 7.13.1.10+1 more2025-02-04

CVE-2025-22475 [HIGH] CWE-1240 CVE-2025-22475: Dell PowerProtect DD, versions prior to DDOS 8.3.0.0, 7.10.1.50, and 7.13.1.10 contains a use of a C Dell PowerProtect DD, versions prior to DDOS 8.3.0.0, 7.10.1.50, and 7.13.1.10 contains a use of a Cryptographic Primitive with a Risky Implementation vulnerability. A remote attacker could potentially exploit this vulnerability, leading to Information tampering.

nvd

CVE-2024-53295HIGHCVSS 7.8≥ 7.10.1.0, < 7.10.1.50≥ 7.13.1.0, < 7.13.1.20+1 more2025-02-01

CVE-2024-53295 [HIGH] CWE-1220 CVE-2024-53295: Dell PowerProtect DD versions prior to 8.3.0.0, 7.10.1.50, and 7.13.1.20 contain an improper access Dell PowerProtect DD versions prior to 8.3.0.0, 7.10.1.50, and 7.13.1.20 contain an improper access control vulnerability. A local malicious user with low privileges could potentially exploit this vulnerability leading to escalation of privilege.

nvd

CVE-2024-51534HIGHCVSS 7.1≥ 7.10.1.0, < 7.10.1.50≥ 7.13.1.0, < 7.13.1.20+1 more2025-02-01

CVE-2024-51534 [HIGH] CWE-29 CVE-2024-51534: Dell PowerProtect DD versions prior to DDOS 8.3.0.0, 7.10.1.50, and 7.13.1.20 contain a path travers Dell PowerProtect DD versions prior to DDOS 8.3.0.0, 7.10.1.50, and 7.13.1.20 contain a path traversal vulnerability. A local low privileged could potentially exploit this vulnerability to gain unauthorized overwrite of OS files stored on the server filesystem. Exploitation could lead to denial of service.

nvd

CVE-2024-53296MEDIUMCVSS 4.9≥ 7.10.1.0, < 7.10.1.50≥ 7.13.1.0, < 7.13.1.202025-02-01

CVE-2024-53296 [MEDIUM] CWE-121 CVE-2024-53296: Dell PowerProtect DD versions prior to 7.10.1.50 and 7.13.1.20 contain a Stack-based Buffer Overflow Dell PowerProtect DD versions prior to 7.10.1.50 and 7.13.1.20 contain a Stack-based Buffer Overflow vulnerability in the RestAPI. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Denial of service.

nvd

CVE-2024-48010HIGHCVSS 7.2≥ 7.7.0.0, < 7.7.5.50≥ 7.10.0.0, < 7.10.1.40+2 more2024-11-08

CVE-2024-48010 [HIGH] CWE-284 CVE-2024-48010: Dell PowerProtect DD, versions prior to 8.1.0.0, 7.13.1.10, 7.10.1.40, and 7.7.5.50, contains an acc Dell PowerProtect DD, versions prior to 8.1.0.0, 7.13.1.10, 7.10.1.40, and 7.7.5.50, contains an access control vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to escalation of privilege on the application.

nvd

CVE-2024-45759HIGHCVSS 7.3≥ 7.7.1.0, < 7.7.5.50≥ 7.10.0.0, < 7.10.1.40+2 more2024-11-08

CVE-2024-45759 [HIGH] CWE-266 CVE-2024-45759: Dell PowerProtect Data Domain, versions prior to 8.1.0.0, 7.13.1.10, 7.10.1.40, and 7.7.5.50, contai Dell PowerProtect Data Domain, versions prior to 8.1.0.0, 7.13.1.10, 7.10.1.40, and 7.7.5.50, contains an escalation of privilege vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to unauthorized execution of certain commands to overwrite system config of the application. Exploitation may lead to deni

nvd

CVE-2024-48011MEDIUMCVSS 6.5≥ 7.0, < 7.7.5.502024-11-08

CVE-2024-48011 [MEDIUM] CWE-200 CVE-2024-48011: Dell PowerProtect DD, versions prior to 7.7.5.50, contains an Exposure of Sensitive Information to a Dell PowerProtect DD, versions prior to 7.7.5.50, contains an Exposure of Sensitive Information to an Unauthorized Actor vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure.

nvd

CVE-2024-29176HIGHCVSS 8.8≥ 7.0, < 7.7.5.40≥ 7.8.0.0, < 7.10.1.30+2 more2024-06-26

CVE-2024-29176 [HIGH] CWE-787 CVE-2024-29176: Dell PowerProtect DD, version(s) 8.0, 7.13.1.0, 7.10.1.30, 7.7.5.40, contain(s) an Out-of-bounds Wri Dell PowerProtect DD, version(s) 8.0, 7.13.1.0, 7.10.1.30, 7.7.5.40, contain(s) an Out-of-bounds Write vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Code execution.

nvd

CVE-2024-37140HIGHCVSS 8.8fixed in 7.7.5.40≥ 7.8.0.0, < 7.10.1.30+1 more2024-06-26

CVE-2024-37140 [HIGH] CWE-78 CVE-2024-37140: Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain an OS Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain an OS command injection vulnerability in an admin operation. A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the system application's underlying OS with the privileges of the

nvd

CVE-2024-29174MEDIUMCVSS 4.4fixed in 7.7.5.40≥ 7.8.0.0, < 7.10.1.30+1 more2024-06-26

CVE-2024-29174 [MEDIUM] CWE-89 CVE-2024-29174: Dell Data Domain, versions prior to 7.13.0.0, LTS 7.7.5.30, LTS 7.10.1.20 contain an SQL Injection v Dell Data Domain, versions prior to 7.13.0.0, LTS 7.7.5.30, LTS 7.10.1.20 contain an SQL Injection vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain SQL commands on the application's backend database causing unauthorized access to application data.

nvd

← Previous2 / 3Next →