Dell PowerProtect Data Domain
Moderate fix8 remedies
cpe:2.3:a:dell:powerprotect_data_domain:*:*:*:*:*:*:*
Moderate fix8 remedies
- >= 7.7.1.0, <= 8.3.0.15
- >= 8.3.1.0, <= 8.3.1.0
- >= 7.13.1.0, <= 7.13.1.30
- >= 7.10.1.0, <= 7.10.1.60
Dell PowerProtect Data Domain OS Command Injection Vulnerability Allowing Arbitrary Command Execution
Vulnerability
Patched
A command injection vulnerability has been identified in Dell PowerProtect Data Domain systems running Data Domain Operating System (DD OS) versions 7.7.1.0 prior to 8.3.0.15, as well as in LTS2025 release version 8.3.1.0, LTS2024 release versions 7.13.1.0 through 7.13.1.30, and LTS2023 release versions 7.10.1.0 through 7.10.1.60. This vulnerability arises from improper neutralization of special elements used in operating system commands, allowing a high-privileged attacker with local access to execute arbitrary commands with root privileges.
Impact
Exploitation of this vulnerability could lead to unauthorized execution of commands with root privileges, potentially allowing for further privilege escalation or manipulation of the system.
Remediation
Users can upgrade to Dell PowerProtect Data Domain OS versions 8.4.0.0 or later, or to version 8.3.1.10 or later for LTS2025, LTS2024 7.13.1, and LTS2023 7.10.1.70 or later. Instructions for upgrading the Data Domain Operating System are available on the Dell Support website.
Added: Oct 7, 2025, 7:24 PM
Updated: Oct 7, 2025, 7:24 PM
Vulnerability Rating
Custom Algorithm
spread
4.5impact
7.5exploitability
3.0remediation
7.7relevance
0.6threat
0.0urgency
2.9incentive
1.7Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.