Security updates: Root attacks on Dell PowerProtect and Unity possible
Attackers can exploit several vulnerabilities in Dell's backup solution PowerProtect and storage solution Unity.
(Image: AFANASEV IVAN/Shutterstock.com)
To prevent possible attacks, admins should update Dell PowerProtect Data Domain and Unity, UnityVSA and Unity XT to the latest version. If this is not done, attackers can access instances with root rights and compromise them.
Various dangers
In a warning message about the vulnerabilities in the Dell PowerProtect Data Domain backup solution, the developers state that gaps in components such as Curl and PostgreSQL have been closed. However, the application's code was also directly vulnerable and attackers could have bypassed security measures to create their own accounts (CVE-2025-36594 "critical").
Because inputs are not sufficiently checked (CVE-2025-30099 "high"), attackers can even execute malicious code with root privileges. Issues 7.1.0.1.60, 7.10.1.70, 7.13.1.30, 8.3.1.0 and 8.4.0.0 are equipped against this.
Videos by heise
Unity is also vulnerable to malicious code attacks as root. Unity Operating Environment 5.5.1 provides a remedy here. According to the developers, all previous versions are vulnerable.
It is currently not known whether there are already attacks.
(des)
