Search
Find a vulnerability
Search criteria
2 vulnerabilities found for powerprotect_dm5500_firmware by dell
CVE-2025-29987 (GCVE-0-2025-29987)
Vulnerability from nvd – Published: 2025-04-03 15:18 – Updated: 2026-02-26 18:28
VLAI
EPSS
VEX
Summary
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) versions prior to 8.3.0.15 contain an Insufficient Granularity of Access Control vulnerability. An authenticated user from a trusted remote client could exploit this vulnerability to execute arbitrary commands with root privileges.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-1220 - Insufficient Granularity of Access Control
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.dell.com/support/kbdoc/en-us/00030089… | vendor-advisory |
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| Dell | DD OS 8.3 |
Affected:
7.7.1.0 , ≤ 8.3.0.10
(semver)
|
|
| Dell | DD OS 7.13 |
Affected:
7.13.1.0 , ≤ 7.13.1.20
(semver)
|
|
| Dell | DD OS 7.10 |
Affected:
7.10.1.0 , ≤ 7.10.1.50
(semver)
|
|
| Dell | PowerProtect DP Series Appliance (IDPA) |
Affected:
N/A , < 2.7.8
(semver)
|
Date Public
2025-04-02 06:30
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-29987",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-05T03:55:36.340980Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T18:28:57.797Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "DD OS 8.3",
"vendor": "Dell",
"versions": [
{
"lessThanOrEqual": "8.3.0.10",
"status": "affected",
"version": "7.7.1.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DD OS 7.13",
"vendor": "Dell",
"versions": [
{
"lessThanOrEqual": "7.13.1.20",
"status": "affected",
"version": "7.13.1.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DD OS 7.10",
"vendor": "Dell",
"versions": [
{
"lessThanOrEqual": "7.10.1.50",
"status": "affected",
"version": "7.10.1.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerProtect DP Series Appliance (IDPA)",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.7.8",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
}
],
"datePublic": "2025-04-02T06:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) versions prior to 8.3.0.15 contain an Insufficient Granularity of Access Control vulnerability. An authenticated user from a trusted remote client could exploit this vulnerability to execute arbitrary commands with root privileges.\u003cbr\u003e"
}
],
"value": "Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) versions prior to 8.3.0.15 contain an Insufficient Granularity of Access Control vulnerability. An authenticated user from a trusted remote client could exploit this vulnerability to execute arbitrary commands with root privileges."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1220",
"description": "CWE-1220: Insufficient Granularity of Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-03T15:18:06.144Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000300899/dsa-2025-139-dell-technologies-powerprotect-data-domain-security-update-for-a-security-vulnerability"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2025-29987",
"datePublished": "2025-04-03T15:18:06.144Z",
"dateReserved": "2025-03-13T05:03:56.322Z",
"dateUpdated": "2026-02-26T18:28:57.797Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-29987 (GCVE-0-2025-29987)
Vulnerability from cvelistv5 – Published: 2025-04-03 15:18 – Updated: 2026-02-26 18:28
VLAI
EPSS
VEX
Summary
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) versions prior to 8.3.0.15 contain an Insufficient Granularity of Access Control vulnerability. An authenticated user from a trusted remote client could exploit this vulnerability to execute arbitrary commands with root privileges.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-1220 - Insufficient Granularity of Access Control
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.dell.com/support/kbdoc/en-us/00030089… | vendor-advisory |
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| Dell | DD OS 8.3 |
Affected:
7.7.1.0 , ≤ 8.3.0.10
(semver)
|
|
| Dell | DD OS 7.13 |
Affected:
7.13.1.0 , ≤ 7.13.1.20
(semver)
|
|
| Dell | DD OS 7.10 |
Affected:
7.10.1.0 , ≤ 7.10.1.50
(semver)
|
|
| Dell | PowerProtect DP Series Appliance (IDPA) |
Affected:
N/A , < 2.7.8
(semver)
|
Date Public
2025-04-02 06:30
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-29987",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-05T03:55:36.340980Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T18:28:57.797Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "DD OS 8.3",
"vendor": "Dell",
"versions": [
{
"lessThanOrEqual": "8.3.0.10",
"status": "affected",
"version": "7.7.1.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DD OS 7.13",
"vendor": "Dell",
"versions": [
{
"lessThanOrEqual": "7.13.1.20",
"status": "affected",
"version": "7.13.1.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DD OS 7.10",
"vendor": "Dell",
"versions": [
{
"lessThanOrEqual": "7.10.1.50",
"status": "affected",
"version": "7.10.1.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerProtect DP Series Appliance (IDPA)",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.7.8",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
}
],
"datePublic": "2025-04-02T06:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) versions prior to 8.3.0.15 contain an Insufficient Granularity of Access Control vulnerability. An authenticated user from a trusted remote client could exploit this vulnerability to execute arbitrary commands with root privileges.\u003cbr\u003e"
}
],
"value": "Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) versions prior to 8.3.0.15 contain an Insufficient Granularity of Access Control vulnerability. An authenticated user from a trusted remote client could exploit this vulnerability to execute arbitrary commands with root privileges."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1220",
"description": "CWE-1220: Insufficient Granularity of Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-03T15:18:06.144Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000300899/dsa-2025-139-dell-technologies-powerprotect-data-domain-security-update-for-a-security-vulnerability"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2025-29987",
"datePublished": "2025-04-03T15:18:06.144Z",
"dateReserved": "2025-03-13T05:03:56.322Z",
"dateUpdated": "2026-02-26T18:28:57.797Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}