CVE-2025-29987

Published Apr 3, 2025

Last updated 3 months ago

CVSS high 8.8

Overview

Description
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) versions prior to 8.3.0.15 contain an Insufficient Granularity of Access Control vulnerability. An authenticated user from a trusted remote client could exploit this vulnerability to execute arbitrary commands with root privileges.
Source
security_alert@emc.com
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
8.8
Impact score
5.9
Exploitability score
2.8
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity
HIGH

Weaknesses

security_alert@emc.com
CWE-1220

Social media

Hype score
Not currently trending

  1. ⚠️ Critical flaw in unpatched Dell PowerProtect (CVE-2025-29987) allows remote root access. Patch to DD OS 8.3.0.15 now! 🔒 #cybersecurity #Dell" 👇 https://t.co/S92uHe74GF

    @_F2po_

    7 Apr 2025

    28 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. Dell TechnologiesのPowerProtect Data Domain製品に重大な脆弱性(CVE-2025-29987)が確認された。 DD OSバージョン8.3.0.15未満などに存在するアクセス制御の不備により、信頼されたリモートクライアントから認証済みユーザーがroot権限で任意のコマンドを実行できる恐れがある。

    @yousukezan

    7 Apr 2025

    118 Impressions

    2 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. 🚨 CVE-2025-29987 🔴 HIGH (8.8) 🏢 Dell - DD OS 8.3 🏗️ 7.7.1.0 🔗 https://t.co/5TatzgOmWA #CyberCron #VulnAlert #InfoSec https://t.co/CyVA3TbNGA

    @cybercronai

    5 Apr 2025

    13 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. Critical alert: Dell PowerProtect Data Domain systems (DD OS <8.3.0.15) have a high-severity flaw (CVE-2025-29987) allowing authenticated attackers to gain root access. Patch now to protect your backup infrastructure. Details: https://t.co/Z40GmWFX4X

    @RedTeamNewsBlog

    3 Apr 2025

    2 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. [CVE-2025-29987: HIGH] Dell PowerProtect Data Domain with DD OS < 8.3.0.15 is vulnerable to insufficient access control. Authenticated users from trusted remote clients could execute commands with root privileges.#cybersecurity,#vulnerability https://t.co/0JMsQ1Bm28 https://t.

    @CveFindCom

    3 Apr 2025

    27 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References

Sources include official advisories and independent security research.