_Igor_Mojzes_Alamy.jpg?#)
![Apple Considers Delaying Smart Home Hub Until 2026 [Gurman]](https://www.iclarified.com/images/news/96946/96946/96946-640.jpg)
![Tariffs Threaten Apple's $999 iPhone Price Point in the U.S. [Gurman]](https://www.iclarified.com/images/news/96943/96943/96943-640.jpg)
![iPhone 17 Pro Won't Feature Two-Toned Back [Gurman]](https://www.iclarified.com/images/news/96944/96944/96944-640.jpg)
.webp?#)
.webp?#)
![[The AI Show Episode 142]: ChatGPT’s New Image Generator, Studio Ghibli Craze and Backlash, Gemini 2.5, OpenAI Academy, 4o Updates, Vibe Marketing & xAI Acquires X](https://www.marketingaiinstitute.com/hubfs/ep%20142%20cover.png)
![From drop-out to software architect with Jason Lengstorf [Podcast #167]](https://cdn.hashnode.com/res/hashnode/image/upload/v1743796461357/f3d19cd7-e6f5-4d7c-8bfc-eb974bc8da68.png?#)
![[DEALS] The Premium Learn to Code Certification Bundle (97% off) & Other Deals Up To 98% Off – Offers End Soon!](https://www.javacodegeeks.com/wp-content/uploads/2012/12/jcg-logo.jpg){kind=logo}
-Mario-Kart-World-Hands-On-Preview-Is-It-Good-00-08-36.jpg?width=1920&height=1920&fit=bounds&quality=80&format=jpg&auto=webp#)
(1).jpg?width=1920&height=1920&fit=bounds&quality=80&format=jpg&auto=webp#)
.png?#)
Dell PowerProtect Systems Vulnerability Let Remote Attackers Execute Arbitrary Commands
A significant security vulnerability in Dell Technologies PowerProtect Data Domain systems has been identified that could allow authenticated users to execute arbitrary commands with root privileges, potentially compromising critical data protection infrastructure. Dell has released remediation patches to address this high-severity issue that affects multiple product lines across their enterprise backup and recovery portfolio. Security […] The post Dell PowerProtect Systems Vulnerability Let Remote Attackers Execute Arbitrary Commands appeared first on Cyber Security News.
.webp?#)
A significant security vulnerability in Dell Technologies PowerProtect Data Domain systems has been identified that could allow authenticated users to execute arbitrary commands with root privileges, potentially compromising critical data protection infrastructure.
Dell has released remediation patches to address this high-severity issue that affects multiple product lines across their enterprise backup and recovery portfolio.
Security researchers have identified a serious flaw, tracked as CVE-2025-29987, in Dell PowerProtect Data Domain systems running Data Domain Operating System (DD OS) versions prior to 8.3.0.15.
The vulnerability has received a CVSS Base Score of 8.8 (HIGH) with a vector string of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, indicating its potential for significant damage if exploited.
The core issue is classified as an “Insufficient Granularity of Access Control vulnerability” that could enable “an authenticated user from a trusted remote client” to gain unauthorized elevation of privileges.
Application Security is no longer just a defensive play, Time to Secure -> Free Webinar
The vulnerability allows for “execution of arbitrary commands with root privileges,” essentially giving attackers complete control over affected systems.
According to the security advisory, this vulnerability affects multiple versions of Dell’s data protection infrastructure.
The exploitability score of 2.8 and impact score of 5.9 further underscore the significant risk posed to organizations using unpatched versions.
Affected Products and Systems
The vulnerability impacts a wide range of Dell PowerProtect Data Domain products, including:
- Dell PowerProtect Data Domain series appliances.
- Dell PowerProtect Data Domain Virtual Edition.
- Dell APEX Protection Storage.
- PowerProtect DP Series Appliance (IDPA) versions 2.7.6, 2.7.7, and 2.7.8.
- Disk Library for mainframe DLm8500 and DLm8700.
Specifically, vulnerable DD OS versions include those from 7.7.1.0 through 8.3.0.10, 7.13.1.0 through 7.13.1.20, and 7.10.1.0 through 7.10.1.50.
The summary of the vulnerability is given below:
Risk Factors Details Affected Products Dell PowerProtect Data Domain series appliances, Dell PowerProtect Data Domain Virtual Edition, Dell APEX Protection Storage, PowerProtect DP Series Appliance (IDPA), Disk Library for mainframe DLm8500 and DLm8700 Impact Execute Arbitrary Commands Exploit Prerequisites Authenticated user from a trusted remote client; low-privileged access required CVSS 3.1 Score 8.8 (High)
Dell has rapidly developed and released patched versions to address this vulnerability. Organizations using affected systems are strongly urged to upgrade to the following remediated versions:
- For DD OS 8.3: Version 8.3.0.15 or later.
- For DD OS 7.13.1: Version 7.13.1.25 or later.
- For DD OS 7.10.1: Version 7.10.1.60 or later.
For PowerProtect DP Series Appliance (IDPA) versions 2.7.6, 2.7.7, and 2.7.8, customers must upgrade to incorporate DD OS 7.10.1.60.
Similar upgrade requirements apply to the Disk Library for mainframe DLm8500 (Version 5.4.0.0 or later) and DLm8700 (Version 7.0.0.0 or later).
Security Implications
This is not the first time Dell PowerProtect products have faced security challenges. Previous vulnerabilities in the PowerProtect ecosystem, such as CVE-2023-44277 and CVE-2024-22445, have also allowed for arbitrary command execution.
The current vulnerability (CVE-2025-29987) is especially concerning because once exploited, attackers gain root-level access to affected systems, potentially allowing them to:
- Access or destroy protected backup data.
- Inject malicious code into backup infrastructure.
- Pivot to other connected systems within enterprise networks.
- Compromise data integrity within backup repositories.
Organizations are strongly advised to prioritize these security updates, particularly for systems containing sensitive or regulated data.
Dell has been actively revising its advisory documentation, with six updates between April 2 and 4, 2025, to provide comprehensive remediation guidance for all affected products.
Customers should consult Dell’s knowledge base articles and remediation documentation for detailed upgrade instructions and product-specific guidance.
Investigate Real-World Malicious Links & Phishing Attacks With Threat Intelligence Lookup - Try 50 Request for Free
The post Dell PowerProtect Systems Vulnerability Let Remote Attackers Execute Arbitrary Commands appeared first on Cyber Security News.
