CVE-2025-30097
BaseFortify
Publication date: 2025-08-04
Last updated on: 2025-10-16
Assigner: Dell
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| dell | data_domain_operating_system | From 7.7.1.0 (inc) to 7.10.1.60 (exc) |
| dell | data_domain_operating_system | From 7.11.0.0 (inc) to 7.13.1.30 (exc) |
| dell | data_domain_operating_system | From 8.0.0.0 (inc) to 8.3.0.10 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-78 | The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an OS command injection flaw (CWE-78) in the DDSH CLI of the Dell PowerProtect Data Domain operating system, in the versions listed above. Because the CLI does not properly neutralize special elements used in OS commands, a highly privileged attacker with local access can execute arbitrary commands with root privileges.
How can this vulnerability impact me?
If exploited, this vulnerability could allow a highly privileged attacker with local access to execute arbitrary commands as root, potentially leading to full system compromise, unauthorized data access or modification, or disruption of services.