1. Home
  2. CVE Database
  3. CVE-2025-29987
HIGH · 8.8

CVE-2025-29987

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) versions prior to 8.3.0.15 contain an Insufficient Granularity of Access Control vulnerability. An authenticated user from a tru...

Vulnerability Description

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) versions prior to 8.3.0.15 contain an Insufficient Granularity of Access Control vulnerability. An authenticated user from a trusted remote client could exploit this vulnerability to execute arbitrary commands with root privileges.

CVSS Score

8.8

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
DellPowerprotect Data Domain< 7.10.1.60
DellData Domain Operating System>= 7.10.1.0, < 7.10.1.60
DellPowerprotect Dm5500 Firmware>= 5.12, < 5.19.0.0
DellPowerprotect Dm5500-

Related Weaknesses (CWE)

CWE-1220

References

FAQ

What is CVE-2025-29987?

CVE-2025-29987 is a vulnerability with a CVSS score of 8.8 (HIGH). Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) versions prior to 8.3.0.15 contain an Insufficient Granularity of Access Control vulnerability. An authenticated user from a tru...

How severe is CVE-2025-29987?

CVE-2025-29987 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-29987?

Check the references section above for vendor advisories and patch information. Affected products include: Dell Powerprotect Data Domain, Dell Data Domain Operating System, Dell Powerprotect Dm5500 Firmware, Dell Powerprotect Dm5500.