DSA-2025-139: Dell Technologies PowerProtect Data Domain Security Update for a Security Vulnerability
Resumo: Dell Technologies PowerProtect Data Domain remediation is available for a security vulnerability that could be exploited by malicious users to compromise the affected system.
Impacto
High
Dados
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2025-29987 | Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) versions prior to 8.3.0.15 contain an Insufficient Granularity of Access Control vulnerability. An authenticated user from a trusted remote client could exploit this vulnerability to execute arbitrary commands with root privileges. | 8.8 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2025-29987 | Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) versions prior to 8.3.0.15 contain an Insufficient Granularity of Access Control vulnerability. An authenticated user from a trusted remote client could exploit this vulnerability to execute arbitrary commands with root privileges. | 8.8 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Produtos afetados e soluções
|
CVEs Addressed |
Product |
Software/Firmware |
Affected Versions |
Remediated Versions |
Link |
|---|---|---|---|---|---|
|
CVE-2025-29987 |
DD OS 8.3 |
Dell PowerProtect Data Domain series appliances, Dell PowerProtect Data Domain Virtual Edition, Dell APEX Protection Storage, Dell PowerProtect Data Domain Operating System (DD OS) |
Versions 7.7.1.0 through 8.3.0.10 |
Version 8.3.0.15 or later |
PowerProtect Data Domain Operating System (DD OS) Active Releases KB Article, |
|
CVE-2025-29987 |
DD OS 7.13.1 |
Dell PowerProtect Data Domain series appliances, Dell PowerProtect Data Domain Virtual Edition, Dell APEX Protection Storage, Data Domain Operating System (DD OS) LTS2024 7.13.1 |
Versions 7.13.1.0 through 7.13.1.20 |
Version 7.13.1.25 or later |
PowerProtect Data Domain Operating System (DD OS) Active Releases KB Article, |
|
CVE-2025-29987 |
DD OS 7.10.1 |
Dell PowerProtect Data Domain series appliances, Dell PowerProtect Data Domain Virtual Edition, Dell APEX Protection Storage, Data Domain Operating System (DD OS) LTS2023 7.10.1 |
Versions 7.10.1.0 through 7.10.1.50 |
Version 7.10.1.60 or later |
PowerProtect Data Domain Operating System (DD OS) Active Releases KB Article, |
|
CVE-2025-29987 |
PowerProtect DP Series Appliance (IDPA) |
PowerProtect DP Series Software |
Versions 2.7.6, 2.7.7, and 2.7.8 |
Versions 2.7.6, 2.7.7, and 2.7.8 with DD OS 7.10.1.60 |
|
|
CVE-2025-29987 |
Disk Library for mainframe DLm8500 |
PowerProtect Data Domain Operating System (DD OS) leveraged in the Disk Library for Mainframe (DLm) environment; DLm 5.4.0.0 or later to upgrade with DD OS 7.10.1.60 |
Version 5.4.0.0 |
Version 5.4.0.0 or later with DD OS 7.10.1.60 |
|
|
CVE-2025-29987 |
Disk Library for mainframe DLm8700 |
PowerProtect Data Domain Operating System (DD OS) leveraged in the Disk Library for Mainframe (DLm) environment; DLm 7.0.0.0 or later to upgrade with DD OS 7.10.1.60 |
Version 7.0.0.0 |
Version 7.0.0.0 or later with DD OS 7.10.1.60 |
|
| CVE-2025-29987 |
PowerProtect DM5500 |
PowerProtect Data Manager Appliance (DM5500) |
Versions 5.12 through 5.18.0.1 |
Version 5.19.0.0 or later |
|
CVEs Addressed |
Product |
Software/Firmware |
Affected Versions |
Remediated Versions |
Link |
|---|---|---|---|---|---|
|
CVE-2025-29987 |
DD OS 8.3 |
Dell PowerProtect Data Domain series appliances, Dell PowerProtect Data Domain Virtual Edition, Dell APEX Protection Storage, Dell PowerProtect Data Domain Operating System (DD OS) |
Versions 7.7.1.0 through 8.3.0.10 |
Version 8.3.0.15 or later |
PowerProtect Data Domain Operating System (DD OS) Active Releases KB Article, |
|
CVE-2025-29987 |
DD OS 7.13.1 |
Dell PowerProtect Data Domain series appliances, Dell PowerProtect Data Domain Virtual Edition, Dell APEX Protection Storage, Data Domain Operating System (DD OS) LTS2024 7.13.1 |
Versions 7.13.1.0 through 7.13.1.20 |
Version 7.13.1.25 or later |
PowerProtect Data Domain Operating System (DD OS) Active Releases KB Article, |
|
CVE-2025-29987 |
DD OS 7.10.1 |
Dell PowerProtect Data Domain series appliances, Dell PowerProtect Data Domain Virtual Edition, Dell APEX Protection Storage, Data Domain Operating System (DD OS) LTS2023 7.10.1 |
Versions 7.10.1.0 through 7.10.1.50 |
Version 7.10.1.60 or later |
PowerProtect Data Domain Operating System (DD OS) Active Releases KB Article, |
|
CVE-2025-29987 |
PowerProtect DP Series Appliance (IDPA) |
PowerProtect DP Series Software |
Versions 2.7.6, 2.7.7, and 2.7.8 |
Versions 2.7.6, 2.7.7, and 2.7.8 with DD OS 7.10.1.60 |
|
|
CVE-2025-29987 |
Disk Library for mainframe DLm8500 |
PowerProtect Data Domain Operating System (DD OS) leveraged in the Disk Library for Mainframe (DLm) environment; DLm 5.4.0.0 or later to upgrade with DD OS 7.10.1.60 |
Version 5.4.0.0 |
Version 5.4.0.0 or later with DD OS 7.10.1.60 |
|
|
CVE-2025-29987 |
Disk Library for mainframe DLm8700 |
PowerProtect Data Domain Operating System (DD OS) leveraged in the Disk Library for Mainframe (DLm) environment; DLm 7.0.0.0 or later to upgrade with DD OS 7.10.1.60 |
Version 7.0.0.0 |
Version 7.0.0.0 or later with DD OS 7.10.1.60 |
|
| CVE-2025-29987 |
PowerProtect DM5500 |
PowerProtect Data Manager Appliance (DM5500) |
Versions 5.12 through 5.18.0.1 |
Version 5.19.0.0 or later |
- PowerProtect Data Domain: Software Versions : This KB article provides the status of the current active PowerProtect Data Domain Operating System (DD OS) releases, along with links to the release notes. Requires https://support.dell.com/ login to view article).
- For instructions on how to upgrade PowerProtect Data Domain Operating System (DD OS), see PowerProtect Data Domain and DDVE: How to Upgrade the Data Domain Operating System
- For instructions on how to upgrade PowerProtect Data Domain High Availability (HA) Systems with specific DD OS release versions, see Data Domain: Information on DD OS upgrade to version 7.10.1.60, 7.13.1.25 or 8.3.0.15 on High Availability (HA) systems
- After upgrading to remediated PowerProtect Data Domain DD OS versions, certain security scanners may continue to generate false positive detections. For comprehensive information, see the relevant Knowledge Base (KB) articles on false positives:
Histórico de revisão
|
Revision |
Date |
Description |
|---|---|---|
|
1.0 |
2025-04-02 |
Initial Release |
|
2.0 |
2025-04-02 |
Updated for enhanced presentation with no changes to content |
| 3.0 | 2025-04-02 | Updated caution note details for IDPA, DD OS upgrade version is 7.10.1.60. |
| 4.0 | 2025-04-03 | Updated upgrade links for DD OS and IDPA, added IDPA upgrade instructional KB Articles. |
| 5.0 | 2025-04-03 | Updated Affected Products and Remediation section for PowerProtect DP Series Appliance (IDPA) upgrade instructions |
| 6.0 | 2025-04-04 | Updated the Affected Products and Remediation section: Added Disk Library for mainframe DLm8700 and Disk Library for mainframe DLm8500 upgrade details. |
| 7.0 | 2025-04-07 | Updated the Affected Products and Remediation section: Added PowerProtect DM5500 |
| 8.0 | 2025-04-28 | Updated Notes to include High Availability (HA) systems upgrade instruction link. |
| 9.0 | 2025-05-01 | Updated versioning for DM5500 |