DSA-2025-139: Dell Technologies PowerProtect Data Domain Security Update for a Security Vulnerability
Oversigt: Dell Technologies PowerProtect Data Domain remediation is available for a security vulnerability that could be exploited by malicious users to compromise the affected system.
Denne artikel gælder for
Denne artikel gælder ikke for
Denne artikel er ikke knyttet til et bestemt produkt.
Det er ikke alle produktversioner, der er identificeret i denne artikel.
Virkning
High
Oplysninger
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2025-29987 | Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) versions prior to 8.3.0.15 contain an Insufficient Granularity of Access Control vulnerability. An authenticated user from a trusted remote client could exploit this vulnerability to execute arbitrary commands with root privileges. | 8.8 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2025-29987 | Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) versions prior to 8.3.0.15 contain an Insufficient Granularity of Access Control vulnerability. An authenticated user from a trusted remote client could exploit this vulnerability to execute arbitrary commands with root privileges. | 8.8 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Berørte produkter og udbedring
|
CVEs Addressed |
Product |
Software/Firmware |
Affected Versions |
Remediated Versions |
Link |
|---|---|---|---|---|---|
|
CVE-2025-29987 |
DD OS 8.3 |
Dell PowerProtect Data Domain series appliances, Dell PowerProtect Data Domain Virtual Edition, Dell APEX Protection Storage, Dell PowerProtect Data Domain Operating System (DD OS) |
Versions 7.7.1.0 through 8.3.0.10 |
Version 8.3.0.15 or later |
PowerProtect Data Domain Operating System (DD OS) Active Releases KB Article, |
|
CVE-2025-29987 |
DD OS 7.13.1 |
Dell PowerProtect Data Domain series appliances, Dell PowerProtect Data Domain Virtual Edition, Dell APEX Protection Storage, Data Domain Operating System (DD OS) LTS2024 7.13.1 |
Versions 7.13.1.0 through 7.13.1.20 |
Version 7.13.1.25 or later |
PowerProtect Data Domain Operating System (DD OS) Active Releases KB Article, |
|
CVE-2025-29987 |
DD OS 7.10.1 |
Dell PowerProtect Data Domain series appliances, Dell PowerProtect Data Domain Virtual Edition, Dell APEX Protection Storage, Data Domain Operating System (DD OS) LTS2023 7.10.1 |
Versions 7.10.1.0 through 7.10.1.50 |
Version 7.10.1.60 or later |
PowerProtect Data Domain Operating System (DD OS) Active Releases KB Article, |
|
CVE-2025-29987 |
PowerProtect DP Series Appliance (IDPA) |
PowerProtect DP Series Software |
Versions 2.7.6, 2.7.7, and 2.7.8 |
Versions 2.7.6, 2.7.7, and 2.7.8 with DD OS 7.10.1.60 |
|
|
CVE-2025-29987 |
Disk Library for mainframe DLm8500 |
PowerProtect Data Domain Operating System (DD OS) leveraged in the Disk Library for Mainframe (DLm) environment; DLm 5.4.0.0 or later to upgrade with DD OS 7.10.1.60 |
Version 5.4.0.0 |
Version 5.4.0.0 or later with DD OS 7.10.1.60 |
|
|
CVE-2025-29987 |
Disk Library for mainframe DLm8700 |
PowerProtect Data Domain Operating System (DD OS) leveraged in the Disk Library for Mainframe (DLm) environment; DLm 7.0.0.0 or later to upgrade with DD OS 7.10.1.60 |
Version 7.0.0.0 |
Version 7.0.0.0 or later with DD OS 7.10.1.60 |
|
| CVE-2025-29987 |
PowerProtect DM5500 |
PowerProtect Data Manager Appliance (DM5500) |
Versions 5.12 through 5.18.0.1 |
Version 5.19.0.0 or later |
|
CVEs Addressed |
Product |
Software/Firmware |
Affected Versions |
Remediated Versions |
Link |
|---|---|---|---|---|---|
|
CVE-2025-29987 |
DD OS 8.3 |
Dell PowerProtect Data Domain series appliances, Dell PowerProtect Data Domain Virtual Edition, Dell APEX Protection Storage, Dell PowerProtect Data Domain Operating System (DD OS) |
Versions 7.7.1.0 through 8.3.0.10 |
Version 8.3.0.15 or later |
PowerProtect Data Domain Operating System (DD OS) Active Releases KB Article, |
|
CVE-2025-29987 |
DD OS 7.13.1 |
Dell PowerProtect Data Domain series appliances, Dell PowerProtect Data Domain Virtual Edition, Dell APEX Protection Storage, Data Domain Operating System (DD OS) LTS2024 7.13.1 |
Versions 7.13.1.0 through 7.13.1.20 |
Version 7.13.1.25 or later |
PowerProtect Data Domain Operating System (DD OS) Active Releases KB Article, |
|
CVE-2025-29987 |
DD OS 7.10.1 |
Dell PowerProtect Data Domain series appliances, Dell PowerProtect Data Domain Virtual Edition, Dell APEX Protection Storage, Data Domain Operating System (DD OS) LTS2023 7.10.1 |
Versions 7.10.1.0 through 7.10.1.50 |
Version 7.10.1.60 or later |
PowerProtect Data Domain Operating System (DD OS) Active Releases KB Article, |
|
CVE-2025-29987 |
PowerProtect DP Series Appliance (IDPA) |
PowerProtect DP Series Software |
Versions 2.7.6, 2.7.7, and 2.7.8 |
Versions 2.7.6, 2.7.7, and 2.7.8 with DD OS 7.10.1.60 |
|
|
CVE-2025-29987 |
Disk Library for mainframe DLm8500 |
PowerProtect Data Domain Operating System (DD OS) leveraged in the Disk Library for Mainframe (DLm) environment; DLm 5.4.0.0 or later to upgrade with DD OS 7.10.1.60 |
Version 5.4.0.0 |
Version 5.4.0.0 or later with DD OS 7.10.1.60 |
|
|
CVE-2025-29987 |
Disk Library for mainframe DLm8700 |
PowerProtect Data Domain Operating System (DD OS) leveraged in the Disk Library for Mainframe (DLm) environment; DLm 7.0.0.0 or later to upgrade with DD OS 7.10.1.60 |
Version 7.0.0.0 |
Version 7.0.0.0 or later with DD OS 7.10.1.60 |
|
| CVE-2025-29987 |
PowerProtect DM5500 |
PowerProtect Data Manager Appliance (DM5500) |
Versions 5.12 through 5.18.0.1 |
Version 5.19.0.0 or later |
Caution: PowerProtect DP Series Appliance (IDPA): To remediate this vulnerability PowerProtect DP Series Appliances (IDPA) running versions 2.7.6, 2.7.7, and 2.7.8 must have DD OS upgraded to version 7.10.1.60. For comprehensive upgrade instructions, see the following Knowledge Base (KB) Articles: IDPA: Allowed Point Product Upgrades and PowerProtect Data Protection Appliance, IDPA: Procedure To Upgrade Protection Storage.
Note:
- PowerProtect Data Domain: Software Versions : This KB article provides the status of the current active PowerProtect Data Domain Operating System (DD OS) releases, along with links to the release notes. Requires https://support.dell.com/ login to view article).
- For instructions on how to upgrade PowerProtect Data Domain Operating System (DD OS), see PowerProtect Data Domain and DDVE: How to Upgrade the Data Domain Operating System
- For instructions on how to upgrade PowerProtect Data Domain High Availability (HA) Systems with specific DD OS release versions, see Data Domain: Information on DD OS upgrade to version 7.10.1.60, 7.13.1.25 or 8.3.0.15 on High Availability (HA) systems
- After upgrading to remediated PowerProtect Data Domain DD OS versions, certain security scanners may continue to generate false positive detections. For comprehensive information, see the relevant Knowledge Base (KB) articles on false positives:
Revisionshistorik
|
Revision |
Date |
Description |
|---|---|---|
|
1.0 |
2025-04-02 |
Initial Release |
|
2.0 |
2025-04-02 |
Updated for enhanced presentation with no changes to content |
| 3.0 | 2025-04-02 | Updated caution note details for IDPA, DD OS upgrade version is 7.10.1.60. |
| 4.0 | 2025-04-03 | Updated upgrade links for DD OS and IDPA, added IDPA upgrade instructional KB Articles. |
| 5.0 | 2025-04-03 | Updated Affected Products and Remediation section for PowerProtect DP Series Appliance (IDPA) upgrade instructions |
| 6.0 | 2025-04-04 | Updated the Affected Products and Remediation section: Added Disk Library for mainframe DLm8700 and Disk Library for mainframe DLm8500 upgrade details. |
| 7.0 | 2025-04-07 | Updated the Affected Products and Remediation section: Added PowerProtect DM5500 |
| 8.0 | 2025-04-28 | Updated Notes to include High Availability (HA) systems upgrade instruction link. |
| 9.0 | 2025-05-01 | Updated versioning for DM5500 |
Relaterede oplysninger
Ansvarsfraskrivelse
Berørte produkter
Data Domain, PowerProtect Data Protection Appliance, Disk Library, DD3300 Appliance, Data Domain Deduplication Storage Systems, DD OS, DD OS 7.10, DD OS 7.13, DD OS 7.8, DD OS 7.9, DD OS 8.1, DD OS 8.3, DD OS 8.0, DD OS Licensed Features
, Data Domain Virtual Edition, DD6300 Appliance, DD6400 Appliance, DD6800 Appliance, DD6900 Appliance, DD9300 Appliance, DD9400 Appliance, DD9410 Appliance, DD9800 Appliance, DD990 Appliance, DD9910 Appliance, Disk Library for mainframe DLm8500, Disk Library for mainframe DLm8700, PowerProtect Data Protection Software, Integrated Data Protection Appliance Family, Integrated Data Protection Appliance Software, PowerProtect DM5500
...
Produkter
PowerProtect Data Manager ApplianceArtikelegenskaber
Artikelnummer: 000300899
Artikeltype: Dell Security Advisory
Senest ændret: 01 maj 2025
Find svar på dine spørgsmål fra andre Dell-brugere
Supportservices
Kontrollér, om din enhed er dækket af supportservices.