DSA-2025-139: Dell Technologies PowerProtect Data Domain Security Update for a Security Vulnerability
Résumé: Dell Technologies PowerProtect Data Domain remediation is available for a security vulnerability that could be exploited by malicious users to compromise the affected system.
Cet article concerne
Cet article ne concerne pas
Cet article n’est associé à aucun produit spécifique.
Toutes les versions du produit ne sont pas identifiées dans cet article.
Impact
High
Détails
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2025-29987 | Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) versions prior to 8.3.0.15 contain an Insufficient Granularity of Access Control vulnerability. An authenticated user from a trusted remote client could exploit this vulnerability to execute arbitrary commands with root privileges. | 8.8 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2025-29987 | Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) versions prior to 8.3.0.15 contain an Insufficient Granularity of Access Control vulnerability. An authenticated user from a trusted remote client could exploit this vulnerability to execute arbitrary commands with root privileges. | 8.8 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Produits concernés et mesure corrective
|
CVEs Addressed |
Product |
Software/Firmware |
Affected Versions |
Remediated Versions |
Link |
|---|---|---|---|---|---|
|
CVE-2025-29987 |
DD OS 8.3 |
Dell PowerProtect Data Domain series appliances, Dell PowerProtect Data Domain Virtual Edition, Dell APEX Protection Storage, Dell PowerProtect Data Domain Operating System (DD OS) |
Versions 7.7.1.0 through 8.3.0.10 |
Version 8.3.0.15 or later |
PowerProtect Data Domain Operating System (DD OS) Active Releases KB Article, |
|
CVE-2025-29987 |
DD OS 7.13.1 |
Dell PowerProtect Data Domain series appliances, Dell PowerProtect Data Domain Virtual Edition, Dell APEX Protection Storage, Data Domain Operating System (DD OS) LTS2024 7.13.1 |
Versions 7.13.1.0 through 7.13.1.20 |
Version 7.13.1.25 or later |
PowerProtect Data Domain Operating System (DD OS) Active Releases KB Article, |
|
CVE-2025-29987 |
DD OS 7.10.1 |
Dell PowerProtect Data Domain series appliances, Dell PowerProtect Data Domain Virtual Edition, Dell APEX Protection Storage, Data Domain Operating System (DD OS) LTS2023 7.10.1 |
Versions 7.10.1.0 through 7.10.1.50 |
Version 7.10.1.60 or later |
PowerProtect Data Domain Operating System (DD OS) Active Releases KB Article, |
|
CVE-2025-29987 |
PowerProtect DP Series Appliance (IDPA) |
PowerProtect DP Series Software |
Versions 2.7.6, 2.7.7, and 2.7.8 |
Versions 2.7.6, 2.7.7, and 2.7.8 with DD OS 7.10.1.60 |
|
|
CVE-2025-29987 |
Disk Library for mainframe DLm8500 |
PowerProtect Data Domain Operating System (DD OS) leveraged in the Disk Library for Mainframe (DLm) environment; DLm 5.4.0.0 or later to upgrade with DD OS 7.10.1.60 |
Version 5.4.0.0 |
Version 5.4.0.0 or later with DD OS 7.10.1.60 |
|
|
CVE-2025-29987 |
Disk Library for mainframe DLm8700 |
PowerProtect Data Domain Operating System (DD OS) leveraged in the Disk Library for Mainframe (DLm) environment; DLm 7.0.0.0 or later to upgrade with DD OS 7.10.1.60 |
Version 7.0.0.0 |
Version 7.0.0.0 or later with DD OS 7.10.1.60 |
|
| CVE-2025-29987 |
PowerProtect DM5500 |
PowerProtect Data Manager Appliance (DM5500) |
Versions 5.12 through 5.18.0.1 |
Version 5.19.0.0 or later |
|
CVEs Addressed |
Product |
Software/Firmware |
Affected Versions |
Remediated Versions |
Link |
|---|---|---|---|---|---|
|
CVE-2025-29987 |
DD OS 8.3 |
Dell PowerProtect Data Domain series appliances, Dell PowerProtect Data Domain Virtual Edition, Dell APEX Protection Storage, Dell PowerProtect Data Domain Operating System (DD OS) |
Versions 7.7.1.0 through 8.3.0.10 |
Version 8.3.0.15 or later |
PowerProtect Data Domain Operating System (DD OS) Active Releases KB Article, |
|
CVE-2025-29987 |
DD OS 7.13.1 |
Dell PowerProtect Data Domain series appliances, Dell PowerProtect Data Domain Virtual Edition, Dell APEX Protection Storage, Data Domain Operating System (DD OS) LTS2024 7.13.1 |
Versions 7.13.1.0 through 7.13.1.20 |
Version 7.13.1.25 or later |
PowerProtect Data Domain Operating System (DD OS) Active Releases KB Article, |
|
CVE-2025-29987 |
DD OS 7.10.1 |
Dell PowerProtect Data Domain series appliances, Dell PowerProtect Data Domain Virtual Edition, Dell APEX Protection Storage, Data Domain Operating System (DD OS) LTS2023 7.10.1 |
Versions 7.10.1.0 through 7.10.1.50 |
Version 7.10.1.60 or later |
PowerProtect Data Domain Operating System (DD OS) Active Releases KB Article, |
|
CVE-2025-29987 |
PowerProtect DP Series Appliance (IDPA) |
PowerProtect DP Series Software |
Versions 2.7.6, 2.7.7, and 2.7.8 |
Versions 2.7.6, 2.7.7, and 2.7.8 with DD OS 7.10.1.60 |
|
|
CVE-2025-29987 |
Disk Library for mainframe DLm8500 |
PowerProtect Data Domain Operating System (DD OS) leveraged in the Disk Library for Mainframe (DLm) environment; DLm 5.4.0.0 or later to upgrade with DD OS 7.10.1.60 |
Version 5.4.0.0 |
Version 5.4.0.0 or later with DD OS 7.10.1.60 |
|
|
CVE-2025-29987 |
Disk Library for mainframe DLm8700 |
PowerProtect Data Domain Operating System (DD OS) leveraged in the Disk Library for Mainframe (DLm) environment; DLm 7.0.0.0 or later to upgrade with DD OS 7.10.1.60 |
Version 7.0.0.0 |
Version 7.0.0.0 or later with DD OS 7.10.1.60 |
|
| CVE-2025-29987 |
PowerProtect DM5500 |
PowerProtect Data Manager Appliance (DM5500) |
Versions 5.12 through 5.18.0.1 |
Version 5.19.0.0 or later |
Caution: PowerProtect DP Series Appliance (IDPA): To remediate this vulnerability PowerProtect DP Series Appliances (IDPA) running versions 2.7.6, 2.7.7, and 2.7.8 must have DD OS upgraded to version 7.10.1.60. For comprehensive upgrade instructions, see the following Knowledge Base (KB) Articles: IDPA: Allowed Point Product Upgrades and PowerProtect Data Protection Appliance, IDPA: Procedure To Upgrade Protection Storage.
Note:
- PowerProtect Data Domain: Software Versions : This KB article provides the status of the current active PowerProtect Data Domain Operating System (DD OS) releases, along with links to the release notes. Requires https://support.dell.com/ login to view article).
- For instructions on how to upgrade PowerProtect Data Domain Operating System (DD OS), see PowerProtect Data Domain and DDVE: How to Upgrade the Data Domain Operating System
- For instructions on how to upgrade PowerProtect Data Domain High Availability (HA) Systems with specific DD OS release versions, see Data Domain: Information on DD OS upgrade to version 7.10.1.60, 7.13.1.25 or 8.3.0.15 on High Availability (HA) systems
- After upgrading to remediated PowerProtect Data Domain DD OS versions, certain security scanners may continue to generate false positive detections. For comprehensive information, see the relevant Knowledge Base (KB) articles on false positives:
Historique des révisions
|
Revision |
Date |
Description |
|---|---|---|
|
1.0 |
2025-04-02 |
Initial Release |
|
2.0 |
2025-04-02 |
Updated for enhanced presentation with no changes to content |
| 3.0 | 2025-04-02 | Updated caution note details for IDPA, DD OS upgrade version is 7.10.1.60. |
| 4.0 | 2025-04-03 | Updated upgrade links for DD OS and IDPA, added IDPA upgrade instructional KB Articles. |
| 5.0 | 2025-04-03 | Updated Affected Products and Remediation section for PowerProtect DP Series Appliance (IDPA) upgrade instructions |
| 6.0 | 2025-04-04 | Updated the Affected Products and Remediation section: Added Disk Library for mainframe DLm8700 and Disk Library for mainframe DLm8500 upgrade details. |
| 7.0 | 2025-04-07 | Updated the Affected Products and Remediation section: Added PowerProtect DM5500 |
| 8.0 | 2025-04-28 | Updated Notes to include High Availability (HA) systems upgrade instruction link. |
| 9.0 | 2025-05-01 | Updated versioning for DM5500 |
Informations connexes
Mention légale
Produits concernés
Data Domain, PowerProtect Data Protection Appliance, Disk Library, DD3300 Appliance, Data Domain Deduplication Storage Systems, DD OS, DD OS 7.10, DD OS 7.13, DD OS 7.8, DD OS 7.9, DD OS 8.1, DD OS 8.3, DD OS 8.0, DD OS Licensed Features
, Data Domain Virtual Edition, DD6300 Appliance, DD6400 Appliance, DD6800 Appliance, DD6900 Appliance, DD9300 Appliance, DD9400 Appliance, DD9410 Appliance, DD9800 Appliance, DD990 Appliance, DD9910 Appliance, Disk Library for mainframe DLm8500, Disk Library for mainframe DLm8700, PowerProtect Data Protection Software, Integrated Data Protection Appliance Family, Integrated Data Protection Appliance Software, PowerProtect DM5500
...
Produits
PowerProtect Data Manager AppliancePropriétés de l’article
Numéro d’article: 000300899
Type d’article: Dell Security Advisory
Dernière modification: 01 mai 2025
Trouvez des réponses à vos questions auprès d’autres utilisateurs Dell
Services de support
Vérifiez si votre appareil est couvert par les services de support.