
CVE-2024-53295

Severity: High

Published: 01 February 2025
Modified: 07 February 2025
KEV Added: not listed
Patch: see Dell DSA-2025-022
CVSS v3.1 score: 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS score: 0.0009 (26.1th percentile)
Risk priority: 16 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2024-53295 is a high-severity Insufficient Granularity of Access Control (CWE-1220) vulnerability in Dell Data Domain Operating System. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). Its EPSS ranking places it at the 26.1th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).

Deeper analysis

CVE-2024-53295 is an improper access control vulnerability affecting Dell PowerProtect DD systems in versions prior to 8.3.0.0, 7.10.1.50, and 7.13.1.20. Published on February 1, 2025, it carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and is classified under CWE-1220 and NVD-CWE-Other. The flaw stems from access controls that are not enforced at a fine enough granularity, allowing a user to manipulate system resources they are not authorized to touch.

A local malicious user with low privileges can exploit this vulnerability without user interaction. Successful exploitation enables escalation of privileges, potentially granting full administrative access and compromising confidentiality, integrity, and availability of the affected system.

Dell's security advisory DSA-2025-022, detailed at https://www.dell.com/support/kbdoc/en-us/000279157/dsa-2025-022-security-update-for-dell-powerprotect-dd-multiple-vulnerabilities, addresses this and other vulnerabilities in PowerProtect DD. Mitigation requires updating to Dell PowerProtect DD version 8.3.0.0 or later, 7.10.1.50 or later, or 7.13.1.20 or later, depending on the supported branch.


Vulnerability details

Dell PowerProtect DD versions prior to 8.3.0.0, 7.10.1.50, and 7.13.1.20 contain an improper access control vulnerability. A local malicious user with low privileges could potentially exploit this vulnerability leading to escalation of privilege.

CWE(s)

CWE-1220 Insufficient Granularity of Access Control; NVD-CWE-Other

Related Threats

MITRE ATT&CK Enterprise Techniques

T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Direct local privilege escalation via improper access control flaw on the target system.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-36568 (same product: Dell Data Domain Operating System)
CVE-2026-23775 (same product: Dell Data Domain Operating System)
CVE-2025-36594 (same product: Dell Data Domain Operating System)
CVE-2024-51534 (same product: Dell Data Domain Operating System)
CVE-2025-46645 (same product: Dell Data Domain Operating System)
CVE-2025-22475 (same product: Dell Data Domain Operating System)
CVE-2026-23778 (same product: Dell Data Domain Operating System)
CVE-2026-23776 (same product: Dell Data Domain Operating System)
CVE-2025-21105 (same vendor: Dell)
CVE-2025-27688 (same vendor: Dell)

Affected Assets

Dell Data Domain Operating System
Affected version ranges: 7.10.1.0 — 7.10.1.50 · 7.13.1.0 — 7.13.1.20 · 7.14.0.0 — 8.3.0.0 (the upper bound of each range is the fixed release and is not affected)
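The version ranges above and the fix versions named in the deeper analysis are what an asset owner actually has to check against. The following is an added example written for this page, not code from Dell or from the site that publishes this record. It parses a PowerProtect DD version string, treats the lower bound of each range as inclusive and the fixed release as the exclusive upper bound, and flags inventory entries that still need the DSA-2025-022 update. The hostnames and the tolerance for a trailing build suffix such as "-12345" are assumptions made for the example.

```python
import re
from typing import Iterable

# Affected ranges as listed in the record above. The lower bound is inclusive;
# the upper bound is the fixed release and is therefore excluded.
AFFECTED_RANGES = (
    ("7.10.1.0", "7.10.1.50"),
    ("7.13.1.0", "7.13.1.20"),
    ("7.14.0.0", "8.3.0.0"),
)

# Dotted numeric version, optionally followed by a build suffix ("-..." or "+...").
# The suffix format is an assumption; it is ignored for range comparison.
_VERSION_RE = re.compile(r"^(\d+(?:\.\d+)*)(?:[-+].*)?$")


def parse_version(text: str) -> tuple[int, ...]:
    """Convert '7.13.1.5' (or '7.13.1.5-12345') into a comparable integer tuple.

    Shorter strings are padded with zeros so '8.3' compares like '8.3.0.0'.
    """
    match = _VERSION_RE.match(text.strip())
    if not match:
        raise ValueError(f"unrecognised version string: {text!r}")
    parts = tuple(int(p) for p in match.group(1).split("."))
    return parts + (0,) * max(0, 4 - len(parts))


def is_affected(version: str) -> bool:
    """True if the version lies inside any affected range (fixed release excluded)."""
    parsed = parse_version(version)
    return any(
        parse_version(low) <= parsed < parse_version(high)
        for low, high in AFFECTED_RANGES
    )


def triage(inventory: Iterable[tuple[str, str]]) -> list[tuple[str, str]]:
    """Return the (host, version) pairs that still need the DSA-2025-022 update."""
    return [(host, ver) for host, ver in inventory if is_affected(ver)]


# Constructed sample inventory: hostnames and versions are made up for the example.
SAMPLE_INVENTORY = [
    ("dd-backup-01", "7.10.1.49"),       # one build before the 7.10 fix
    ("dd-backup-02", "7.10.1.50"),       # exactly the fixed release
    ("dd-backup-03", "7.13.1.5-12345"),  # affected, with an assumed build suffix
    ("dd-backup-04", "8.2.0.1"),         # affected, in the 7.14.0.0 - 8.3.0.0 range
    ("dd-backup-05", "8.3.0.0"),         # fixed release
]

if __name__ == "__main__":
    for host, ver in triage(SAMPLE_INVENTORY):
        print(f"{host}: {ver} is in an affected range; apply DSA-2025-022")
```

Feed `triage` the (hostname, version) pairs from your own inventory export; anything it returns is still inside an affected range and should be scheduled for the vendor update. Versions that fall between the listed ranges (for example a hypothetical 7.12.x) are not flagged, because the record above does not list them as affected; confirm such cases against the Dell advisory directly.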

Mitigating Controls

Mitigating Controls (NIST 800-53 r5)

AC-3 Access Enforcement (prevent)

Directly enforces approved authorizations for access to system resources, mitigating the improper access control that enables low-privilege users to escalate privileges.

AC-6 Least Privilege (prevent)

Employs the least privilege principle to restrict low-privilege users from accessing or manipulating resources needed for privilege escalation.

Flaw remediation (prevent)

Requires timely identification, reporting, and correction of flaws like this improper access control vulnerability through vendor-recommended patching.
