Severity
High
Analysis Summary
CVE-2025-30099 CVSS:7.8
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release versions 7.10.1.0 through 7.10.1.50, contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in the DDSH CLI. A low privileged attacker with local access could potentially exploit this vulnerability to execute arbitrary commands with root privileges.
CVE-2025-38739 CVSS:7.2
Dell Digital Delivery, versions prior to 5.6.1.0, contains an Insufficiently Protected Credentials vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to Information Disclosure.
Impact
- Information Disclosure
- Gain Access
Indicators of Compromise
CVE
CVE-2025-30099
CVE-2025-38739
Affected Vendors
- Dell
Affected Products
- Dell PowerProtect Data Domain Feature Release 7.7.1.0
- Dell PowerProtect Data Domain LTS2024 7.13.1.0
- Dell PowerProtect Data Domain LTS2024 7.13.1.25
- Dell PowerProtect Data Domain Feature Release 8.1.0.10
- Dell Digital Delivery
Remediation
Refer to the Dell Security Advisory for patch, upgrade, or suggested workaround information.