DSA-2025-139: Dell Technologies PowerProtect Data Domain Security Update for a Security Vulnerability
요약: Dell Technologies PowerProtect Data Domain remediation is available for a security vulnerability that could be exploited by malicious users to compromise the affected system.
이 문서는 다음에 적용됩니다.
이 문서는 다음에 적용되지 않습니다.
이 문서는 특정 제품과 관련이 없습니다.
모든 제품 버전이 이 문서에 나와 있는 것은 아닙니다.
영향
High
세부 정보
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2025-29987 | Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) versions prior to 8.3.0.15 contain an Insufficient Granularity of Access Control vulnerability. An authenticated user from a trusted remote client could exploit this vulnerability to execute arbitrary commands with root privileges. | 8.8 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2025-29987 | Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) versions prior to 8.3.0.15 contain an Insufficient Granularity of Access Control vulnerability. An authenticated user from a trusted remote client could exploit this vulnerability to execute arbitrary commands with root privileges. | 8.8 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
영향을 받는 제품 및 문제 해결
|
CVEs Addressed |
Product |
Software/Firmware |
Affected Versions |
Remediated Versions |
Link |
|---|---|---|---|---|---|
|
CVE-2025-29987 |
DD OS 8.3 |
Dell PowerProtect Data Domain series appliances, Dell PowerProtect Data Domain Virtual Edition, Dell APEX Protection Storage, Dell PowerProtect Data Domain Operating System (DD OS) |
Versions 7.7.1.0 through 8.3.0.10 |
Version 8.3.0.15 or later |
PowerProtect Data Domain Operating System (DD OS) Active Releases KB Article, |
|
CVE-2025-29987 |
DD OS 7.13.1 |
Dell PowerProtect Data Domain series appliances, Dell PowerProtect Data Domain Virtual Edition, Dell APEX Protection Storage, Data Domain Operating System (DD OS) LTS2024 7.13.1 |
Versions 7.13.1.0 through 7.13.1.20 |
Version 7.13.1.25 or later |
PowerProtect Data Domain Operating System (DD OS) Active Releases KB Article, |
|
CVE-2025-29987 |
DD OS 7.10.1 |
Dell PowerProtect Data Domain series appliances, Dell PowerProtect Data Domain Virtual Edition, Dell APEX Protection Storage, Data Domain Operating System (DD OS) LTS2023 7.10.1 |
Versions 7.10.1.0 through 7.10.1.50 |
Version 7.10.1.60 or later |
PowerProtect Data Domain Operating System (DD OS) Active Releases KB Article, |
|
CVE-2025-29987 |
PowerProtect DP Series Appliance (IDPA) |
PowerProtect DP Series Software |
Versions 2.7.6, 2.7.7, and 2.7.8 |
Versions 2.7.6, 2.7.7, and 2.7.8 with DD OS 7.10.1.60 |
|
|
CVE-2025-29987 |
Disk Library for mainframe DLm8500 |
PowerProtect Data Domain Operating System (DD OS) leveraged in the Disk Library for Mainframe (DLm) environment; DLm 5.4.0.0 or later to upgrade with DD OS 7.10.1.60 |
Version 5.4.0.0 |
Version 5.4.0.0 or later with DD OS 7.10.1.60 |
|
|
CVE-2025-29987 |
Disk Library for mainframe DLm8700 |
PowerProtect Data Domain Operating System (DD OS) leveraged in the Disk Library for Mainframe (DLm) environment; DLm 7.0.0.0 or later to upgrade with DD OS 7.10.1.60 |
Version 7.0.0.0 |
Version 7.0.0.0 or later with DD OS 7.10.1.60 |
|
| CVE-2025-29987 |
PowerProtect DM5500 |
PowerProtect Data Manager Appliance (DM5500) |
Versions 5.12 through 5.18.0.1 |
Version 5.19.0.0 or later |
|
CVEs Addressed |
Product |
Software/Firmware |
Affected Versions |
Remediated Versions |
Link |
|---|---|---|---|---|---|
|
CVE-2025-29987 |
DD OS 8.3 |
Dell PowerProtect Data Domain series appliances, Dell PowerProtect Data Domain Virtual Edition, Dell APEX Protection Storage, Dell PowerProtect Data Domain Operating System (DD OS) |
Versions 7.7.1.0 through 8.3.0.10 |
Version 8.3.0.15 or later |
PowerProtect Data Domain Operating System (DD OS) Active Releases KB Article, |
|
CVE-2025-29987 |
DD OS 7.13.1 |
Dell PowerProtect Data Domain series appliances, Dell PowerProtect Data Domain Virtual Edition, Dell APEX Protection Storage, Data Domain Operating System (DD OS) LTS2024 7.13.1 |
Versions 7.13.1.0 through 7.13.1.20 |
Version 7.13.1.25 or later |
PowerProtect Data Domain Operating System (DD OS) Active Releases KB Article, |
|
CVE-2025-29987 |
DD OS 7.10.1 |
Dell PowerProtect Data Domain series appliances, Dell PowerProtect Data Domain Virtual Edition, Dell APEX Protection Storage, Data Domain Operating System (DD OS) LTS2023 7.10.1 |
Versions 7.10.1.0 through 7.10.1.50 |
Version 7.10.1.60 or later |
PowerProtect Data Domain Operating System (DD OS) Active Releases KB Article, |
|
CVE-2025-29987 |
PowerProtect DP Series Appliance (IDPA) |
PowerProtect DP Series Software |
Versions 2.7.6, 2.7.7, and 2.7.8 |
Versions 2.7.6, 2.7.7, and 2.7.8 with DD OS 7.10.1.60 |
|
|
CVE-2025-29987 |
Disk Library for mainframe DLm8500 |
PowerProtect Data Domain Operating System (DD OS) leveraged in the Disk Library for Mainframe (DLm) environment; DLm 5.4.0.0 or later to upgrade with DD OS 7.10.1.60 |
Version 5.4.0.0 |
Version 5.4.0.0 or later with DD OS 7.10.1.60 |
|
|
CVE-2025-29987 |
Disk Library for mainframe DLm8700 |
PowerProtect Data Domain Operating System (DD OS) leveraged in the Disk Library for Mainframe (DLm) environment; DLm 7.0.0.0 or later to upgrade with DD OS 7.10.1.60 |
Version 7.0.0.0 |
Version 7.0.0.0 or later with DD OS 7.10.1.60 |
|
| CVE-2025-29987 |
PowerProtect DM5500 |
PowerProtect Data Manager Appliance (DM5500) |
Versions 5.12 through 5.18.0.1 |
Version 5.19.0.0 or later |
Caution: PowerProtect DP Series Appliance (IDPA): To remediate this vulnerability PowerProtect DP Series Appliances (IDPA) running versions 2.7.6, 2.7.7, and 2.7.8 must have DD OS upgraded to version 7.10.1.60. For comprehensive upgrade instructions, see the following Knowledge Base (KB) Articles: IDPA: Allowed Point Product Upgrades and PowerProtect Data Protection Appliance, IDPA: Procedure To Upgrade Protection Storage.
Note:
- PowerProtect Data Domain: Software Versions : This KB article provides the status of the current active PowerProtect Data Domain Operating System (DD OS) releases, along with links to the release notes. Requires https://support.dell.com/ login to view article).
- For instructions on how to upgrade PowerProtect Data Domain Operating System (DD OS), see PowerProtect Data Domain and DDVE: How to Upgrade the Data Domain Operating System
- For instructions on how to upgrade PowerProtect Data Domain High Availability (HA) Systems with specific DD OS release versions, see Data Domain: Information on DD OS upgrade to version 7.10.1.60, 7.13.1.25 or 8.3.0.15 on High Availability (HA) systems
- After upgrading to remediated PowerProtect Data Domain DD OS versions, certain security scanners may continue to generate false positive detections. For comprehensive information, see the relevant Knowledge Base (KB) articles on false positives:
개정 내역
|
Revision |
Date |
Description |
|---|---|---|
|
1.0 |
2025-04-02 |
Initial Release |
|
2.0 |
2025-04-02 |
Updated for enhanced presentation with no changes to content |
| 3.0 | 2025-04-02 | Updated caution note details for IDPA, DD OS upgrade version is 7.10.1.60. |
| 4.0 | 2025-04-03 | Updated upgrade links for DD OS and IDPA, added IDPA upgrade instructional KB Articles. |
| 5.0 | 2025-04-03 | Updated Affected Products and Remediation section for PowerProtect DP Series Appliance (IDPA) upgrade instructions |
| 6.0 | 2025-04-04 | Updated the Affected Products and Remediation section: Added Disk Library for mainframe DLm8700 and Disk Library for mainframe DLm8500 upgrade details. |
| 7.0 | 2025-04-07 | Updated the Affected Products and Remediation section: Added PowerProtect DM5500 |
| 8.0 | 2025-04-28 | Updated Notes to include High Availability (HA) systems upgrade instruction link. |
| 9.0 | 2025-05-01 | Updated versioning for DM5500 |
관련 정보
법적 고지 사항
해당 제품
Data Domain, PowerProtect Data Protection Appliance, Disk Library, DD3300 Appliance, Data Domain Deduplication Storage Systems, DD OS, DD OS 7.10, DD OS 7.13, DD OS 7.8, DD OS 7.9, DD OS 8.1, DD OS 8.3, DD OS 8.0, DD OS Licensed Features
, Data Domain Virtual Edition, DD6300 Appliance, DD6400 Appliance, DD6800 Appliance, DD6900 Appliance, DD9300 Appliance, DD9400 Appliance, DD9410 Appliance, DD9800 Appliance, DD990 Appliance, DD9910 Appliance, Disk Library for mainframe DLm8500, Disk Library for mainframe DLm8700, PowerProtect Data Protection Software, Integrated Data Protection Appliance Family, Integrated Data Protection Appliance Software, PowerProtect DM5500
...
제품
PowerProtect Data Manager Appliance문서 속성
문서 번호: 000300899
문서 유형: Dell Security Advisory
마지막 수정 시간: 01 5월 2025
다른 Dell 사용자에게 질문에 대한 답변 찾기
지원 서비스
디바이스에 지원 서비스가 적용되는지 확인하십시오.