Critical Security Update Released for Dell PowerProtect Data Domain Systems: Addressing Vulnerability DSA-2025-139
- Rescana
- Apr 13

Executive Summary
Dell Technologies recently issued a critical security update for its PowerProtect Data Domain systems, published as security advisory DSA-2025-139. The flaw, identified as CVE-2025-29987, could allow authenticated users from trusted clients to gain unauthorized root access, potentially compromising data integrity and confidentiality. Although there is no current evidence of exploitation, organizations using the affected versions should apply the recommended security patches. The vulnerability's high CVSS score of 8.8 underscores the urgency for remediation.
Technical Information
The vulnerability covered by DSA-2025-139 affects the access control mechanisms within the PowerProtect Data Domain Operating System. Specifically, it allows authenticated users to execute arbitrary commands with root privileges due to insufficient granularity of access control. This vulnerability impacts systems running DD OS versions 7.7.1.0 through 8.3.0.10, 7.13.1.0 through 7.13.1.20, and 7.10.1.0 through 7.10.1.50. The severity of this flaw is reflected in its CVSS vector string, CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H: the flaw is reachable over the network, has low attack complexity, requires only low privileges and no user interaction, and has a high impact on confidentiality, integrity, and availability.
The vulnerability affects several products, including the Dell PowerProtect Data Domain series appliances, Dell PowerProtect Data Domain Virtual Edition, Dell APEX Protection Storage, and the Dell PowerProtect DP Series Appliance (IDPA). Additionally, it impacts Disk Library for Mainframe DLm8500 and DLm8700 and PowerProtect DM5500. The root cause is the insufficient granularity of access control described above, which permits privilege escalation and poses a severe threat if exploited.
Exploitation in the Wild
As of the current analysis, there are no known instances of this vulnerability being actively exploited in the wild. No publicly available exploits have been reported, and no specific APT groups have targeted this vulnerability according to threat intelligence sources such as MITRE. However, given the potential impact, organizations are urged to act swiftly in applying the necessary updates.
APT Groups using this vulnerability
There are no known Advanced Persistent Threat (APT) groups exploiting this specific vulnerability. It remains crucial for organizations to monitor threat intelligence feeds for any emerging threats or changes in the status of this vulnerability.
Affected Product Versions
The vulnerability affects the following versions:
- Dell PowerProtect Data Domain Operating System (DD OS) versions 7.7.1.0 through 8.3.0.10, 7.13.1.0 through 7.13.1.20, and 7.10.1.0 through 7.10.1.50.
- PowerProtect DP Series Appliance (IDPA) versions 2.7.6, 2.7.7, and 2.7.8.
- Disk Library for Mainframe DLm8500 and DLm8700.
- PowerProtect DM5500 prior to version 5.18.0.1.
Workaround and Mitigation
Dell Technologies recommends upgrading to remediated versions: DD OS version 8.3.0.15 or later, 7.13.1.25 or later, and 7.10.1.60 or later. For PowerProtect DM5500, upgrade to version 5.19.0.0 or later. Regularly monitor systems for any unusual activity and ensure adherence to cybersecurity best practices, including patch management and threat intelligence monitoring.
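The affected ranges overlap numerically: 7.13.1.25 and 7.10.1.60 are remediated builds, yet both fall inside the broad 7.7.1.0 through 8.3.0.10 range, so a single range comparison misreports them. The following inventory triage is an added example, not Dell or Rescana code; it assumes 7.13.1.x and 7.10.1.x are separate release branches whose own fixed builds take precedence, and the hostnames and inventory versions are constructed.

```python
"""Triage DD OS versions against the ranges quoted in this article (added example)."""

def parse(version):
    """'7.13.1.20' -> (7, 13, 1, 20) so versions compare numerically, not as text."""
    return tuple(int(part) for part in version.strip().split("."))

# (first affected, last affected, first remediated) as listed in the article.
# Assumption: 7.13.1.x and 7.10.1.x are separate release branches with their own
# fixed builds, so a branch match takes precedence over the broad range.
BRANCHES = {
    (7, 13, 1): ("7.13.1.0", "7.13.1.20", "7.13.1.25"),
    (7, 10, 1): ("7.10.1.0", "7.10.1.50", "7.10.1.60"),
}
BROAD = ("7.7.1.0", "8.3.0.10", "8.3.0.15")

def classify(version):
    """Return (status, remediated version to target or None)."""
    v = parse(version)
    first, last, fixed = BRANCHES.get(v[:3], BROAD)
    if v >= parse(fixed):
        return ("remediated", None)
    if parse(first) <= v <= parse(last):
        return ("affected", fixed)
    if v > parse(last):
        # Between the last affected and first remediated build: the article
        # does not say, so flag it for a check against the vendor advisory.
        return ("unlisted", fixed)
    return ("unlisted", None)  # older than any range the article lists

# Constructed inventory: hostnames and versions are made up for illustration.
INVENTORY = {
    "dd-backup-01": "8.3.0.10",
    "dd-backup-02": "7.13.1.25",
    "dd-backup-03": "7.10.1.55",
    "dd-backup-04": "7.12.0.0",
}

def report(inventory):
    """Map each host to its (status, target version) pair."""
    return {host: classify(ver) for host, ver in inventory.items()}

if __name__ == "__main__":
    for host, (status, fix) in report(INVENTORY).items():
        print(f"{host}: {status}" + (f", upgrade to {fix} or later" if fix else ""))
```

Hosts reported as `unlisted` run builds the article does not classify and should be checked against the Dell advisory directly.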
References
For further information, consult the Dell Technologies Security Advisory available at this link: DSA-2025-139 Dell Technologies PowerProtect Data Domain Security Update.
Rescana is here for you
At Rescana, we understand the complexities and challenges of managing cybersecurity risks. Our Third Party Risk Management (TPRM) platform is designed to help organizations identify and mitigate vulnerabilities by providing comprehensive insights and monitoring capabilities. If you have questions about this report or need assistance with your cybersecurity strategy, please contact us at ops@rescana.com.