CVE-2025-46605
Published 2026-04-17
Priority: P3 46 · high · 7.2 CVSS 3.1
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.31% (23.1th percentile)
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 8.4 through 8.5 contain a session fixation vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to unauthorized access.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| dell | data_domain_operating_system | >= 8.4.0.0 < 8.6.0.0 | 8.6.0.0 |
| dell | powerprotect_data_domain | < 8.6.0.0 or later | 8.6.0.0 or later |
VulDB
Dell PowerProtect Data Domain up to 8.5 session fixation (dsa-2026-060)
vuldb·2026-04-17·CVSS 6.2
CVE-2025-46605 [MEDIUM] Dell PowerProtect Data Domain up to 8.5 session fixation (dsa-2026-060)
A vulnerability, which was classified as critical, has been found in Dell PowerProtect Data Domain up to 8.5. This issue affects some unknown processing. Performing a manipulation results in session fixation.
This vulnerability is known as CVE-2025-46605. Remote exploitation of the attack is possible. No exploit is available.
GHSA
GHSA-wx63-92xj-ggq5: Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 8
ghsa_unreviewed·2026-04-17
CVE-2025-46605 [MEDIUM] CWE-384 GHSA-wx63-92xj-ggq5: Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 8
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 8.4 through 8.5 contain a session fixation vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to unauthorized access.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.