A significant security vulnerability has been identified in Dell Technologies PowerProtect Data Domain systems, posing a risk of unauthorized system compromise.
The vulnerability, tracked as CVE-2025-29987, exists within Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) versions prior to 8.3.0.15. The core issue is an “Insufficient Granularity of Access Control vulnerability”. This flaw could allow “an authenticated user from a trusted remote client” to exploit the system and “execute arbitrary commands with root privileges”. This level of access could enable malicious actors to take full control of the affected system, leading to severe consequences such as data breaches, data manipulation, or denial of service.
The vulnerability affects a range of Dell PowerProtect Data Domain products, including:
- Dell PowerProtect Data Domain series appliances
- Dell PowerProtect Data Domain Virtual Edition
- Dell APEX Protection Storage
Specific affected DD OS versions and their corresponding remediated versions are detailed in the following table:
| CVEs | Affected Versions | Remediated Versions |
|---|---|---|
| CVE-2025-29987 | DD OS versions prior to 8.3.0.15, 7.13.1.0 through 7.13.1.20, 7.10.1.0 through 7.10.1.50 | 8.3.0.15 or later, 7.13.1.25 or later, 7.10.1.60 or later |
Dell has provided remediated versions to address this vulnerability. It is crucial for users of the affected products to upgrade to the specified remediated versions as soon as possible.
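To triage an inventory against the table above, the following added example (not Dell's code and not part of the original advisory) classifies a DD OS version string as affected or remediated and names the upgrade target. It assumes versions are reported as four dotted numbers with an optional `-<build>` suffix, treats builds that fall between a listed range and its fix as affected, and uses constructed hostnames and versions.

```python
import re

# First remediated release per release train, from the table above.
FIXED_BY_TRAIN = {
    (7, 10, 1): (7, 10, 1, 60),
    (7, 13, 1): (7, 13, 1, 25),
    (8, 3, 0): (8, 3, 0, 15),
}
NEWEST_FIX = (8, 3, 0, 15)  # "versions prior to 8.3.0.15" are affected


def parse_version(text):
    """Parse 'A.B.C.D', tolerating a trailing '-<build>' (assumed format)."""
    m = re.fullmatch(r"\s*(\d+)\.(\d+)\.(\d+)\.(\d+)(?:-\d+)?\s*", text)
    if not m:
        raise ValueError(f"unrecognised DD OS version: {text!r}")
    return tuple(int(g) for g in m.groups())


def classify(text):
    """Return (status, upgrade_target); target is None when remediated."""
    v = parse_version(text)
    # Same-train fix if the train has one, otherwise the newest fixed release.
    fixed = FIXED_BY_TRAIN.get(v[:3], NEWEST_FIX)
    if v >= fixed:
        return "remediated", None
    # Assumption: builds between a listed range and its fix (for example
    # 7.13.1.21 to 7.13.1.24) are treated as affected, not as safe.
    return "affected", ".".join(map(str, fixed))


def audit(inventory):
    """Classify every host; versions that do not parse need manual review."""
    report = {}
    for host, version in inventory.items():
        try:
            report[host] = classify(version)
        except ValueError:
            report[host] = ("unknown", None)
    return report


# Constructed inventory: hostnames and versions are illustrative only.
SAMPLE = {"dd-a": "7.10.1.50", "dd-b": "7.13.1.25-1000001",
          "dd-c": "8.1.0.0", "dd-d": "8.3.0.15", "dd-e": "n/a"}

if __name__ == "__main__":
    for host, (status, target) in audit(SAMPLE).items():
        print(f"{host}: {status}" + (f", upgrade to {target}" if target else ""))
```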
Given the severity of this vulnerability, immediate action is required. Dell strongly recommends that all users of affected PowerProtect Data Domain systems apply the provided remediation to mitigate the risk of exploitation. Upgrading to the patched DD OS versions will ensure that the vulnerability is addressed and systems are secured against potential attacks.
For detailed information on how to obtain and apply the remediated versions, please refer to the support links provided by Dell.