Dell Technologies has issued a security update to address a critical vulnerability (CVE-2025-29987) in its PowerProtect Data Domain Operating System (DD OS). This vulnerability allows authenticated attackers to execute arbitrary commands with root privileges, creating a significant security risk for users. The issue arises from insufficient access control granularity, enabling attackers to exploit the flaw and gain control over the affected system. Dell has assigned a high CVSS score of 8.8 to this vulnerability, highlighting the potential damage it could cause if exploited.
To protect against this vulnerability, Dell has recommended that users update their systems to the latest remediated versions. The affected versions of DD OS and other products, including PowerProtect DP Series Appliances and Disk Library for Mainframe, are listed with corresponding remediated versions. The updates aim to resolve the vulnerability, thereby preventing unauthorized access and protecting sensitive data stored on affected devices.
Dell has emphasized that all customers running vulnerable versions should upgrade immediately.
Affected products include various versions of DD OS, PowerProtect DP Series Appliance, and Disk Library for Mainframe, as outlined in Dell’s advisory. For instance, DD OS versions between v7.7.1.0 and v8.3.0.10, v7.13.1.0 to v7.13.1.20, and v7.10.1.0 to v7.10.1.50 are vulnerable. Dell has provided specific version numbers for each product and recommended that users upgrade to versions that eliminate the risk.
Upgrading to the remediated versions mitigates this access control vulnerability on the affected systems.
Dell encourages users to follow the necessary remediation steps: identify whether their system is running an affected version, download the remediated software, and perform the upgrade. After the upgrade, users should test the system to ensure that it functions correctly and that no security issues remain. Dell also advises customers to stay informed by monitoring security advisories and to apply updates as part of their regular maintenance practices, reducing exposure to future vulnerabilities.
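The first remediation step, checking whether a system reports an affected version, can be scripted across an inventory. The sketch below is an added example, not Dell tooling: it uses only the DD OS ranges quoted above and does not replace the per-product table in Dell's advisory. It assumes inclusive endpoints, a four-part version with an optional build suffix, and that builds on the 7.13.1 and 7.10.1 branches are judged by their own ranges; the hostnames and version strings are constructed.

```python
import re

# Affected DD OS ranges as quoted on this page; inclusive endpoints are an assumption.
BROAD_RANGE = ((7, 7, 1, 0), (8, 3, 0, 10))
# Assumption: a build on one of these branches is judged only by that branch's
# range, since the page lists each with its own upper bound.
BRANCH_RANGES = {
    (7, 13, 1): ((7, 13, 1, 0), (7, 13, 1, 20)),
    (7, 10, 1): ((7, 10, 1, 0), (7, 10, 1, 50)),
}
VERSION_RE = re.compile(r"(?<![\d.])v?(\d+)\.(\d+)\.(\d+)\.(\d+)(?![\d.])")


def parse_version(text):
    """Extract a four-part version from a string, ignoring any '-build' suffix."""
    match = VERSION_RE.search(text)
    if match is None:
        raise ValueError(f"no four-part version in {text!r}")
    return tuple(int(part) for part in match.groups())


def is_affected(text):
    """True if the reported version falls inside a range listed on this page."""
    version = parse_version(text)
    low, high = BRANCH_RANGES.get(version[:3], BROAD_RANGE)
    return low <= version <= high


def triage(inventory):
    """Map each host to 'affected', 'not listed' or 'unparsed'."""
    result = {}
    for host, reported in inventory.items():
        try:
            result[host] = "affected" if is_affected(reported) else "not listed"
        except ValueError:
            result[host] = "unparsed"  # review by hand rather than assume safe
    return result


# Constructed sample inventory (hypothetical hosts and version strings).
SAMPLE = {
    "dd-backup-01": "Data Domain OS 7.13.1.20-1082704",
    "dd-backup-02": "Data Domain OS 7.10.1.60-1090000",
    "dd-backup-03": "v8.3.0.10",
    "dd-backup-04": "version unknown",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {status}")
```

A "not listed" result only means the version is outside the ranges quoted here; confirm it against the remediated versions in Dell's advisory before closing the finding.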