CVE-2025-29987

Summary

CVE-2025-29987 is a newly disclosed vulnerability affecting Dell PowerProtect Data Domain systems running on Data Domain Operating System (DD OS) versions below 8.3.0.15. This issue involves an Insufficient Granularity of Access Control, allowing an authenticated user from a trusted remote client to surreptitiously execute arbitrary commands with elevated privileges, effectively gaining root access to the affected systems. Successful exploitation could lead to significant data loss or system compromise. System administrators are urged to upgrade to the latest DD OS version as soon as possible to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.