Dell PowerProtect Flaw Allows Remote Attackers to Execute Arbitrary Commands

Dell Technologies has released a security update addressing a critical vulnerability (CVE-2025-29987) in its PowerProtect Data Domain Operating System (DD OS).

The vulnerability allows authenticated attackers to execute arbitrary commands with root privileges, posing a high security risk. Users are strongly urged to update their systems to the latest remediated versions to protect against potential exploitation.

An insufficient granularity of access control vulnerability in the Dell PowerProtect Data Domain Operating System (DD OS) enables an authenticated user from a trusted remote client to execute arbitrary commands with root privileges.

CVSS Base Score: 8.8 (High) and the Vector String: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Dell has categorized the impact of this vulnerability as High. If exploited, attackers could gain complete control over the affected system, endangering the confidentiality, integrity, and availability of sensitive data stored on ...