CVE-2025-29987
HIGHDescription
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) versions prior to 8.3.0.15 contain an Insufficient Granularity of Access Control vulnerability. An authenticated user from a trusted remote client could exploit this vulnerability to execute arbitrary commands with root privileges.
Is your site exposed to CVE-2025-29987?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| dell | powerprotect_data_domain |
| dell | data_domain_operating_system |
| dell | data_domain_operating_system |
| dell | data_domain_operating_system |
| dell | powerprotect_dm5500_firmware |
| dell | powerprotect_dm5500 |
References
Frequently Asked Questions
What is CVE-2025-29987? +
How severe is CVE-2025-29987? +
What products are affected by CVE-2025-29987? +
How do I check if I'm vulnerable to CVE-2025-29987? +
Related Vulnerabilities
Improper Input Validation in the AMD RAID driver could allow an attacker to point to an arbitrary memory location potentially …
A vulnerability has been identified in the Now Platform that could result in data being inferred without authorization. Under certain …
Insufficient granularity of access control in ASP (AMD Secure Processor) may allow an attacker with an untrusted user space application …
This issue was addressed by removing the vulnerable code. This issue is fixed in iOS 18.4.1 and iPadOS 18.4.1, macOS …
A vulnerability in the web application allows standard users to escalate their privileges to those of a super administrator through …
A privilege escalation from host to domain vulnerability was found in the FreeIPA project. The FreeIPA package fails to validate …