CVE-2025-46607
published 2026-04-17CVE-2025-46607: Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 8.4 through 8.5 contain an improper authentication…
PriorityP347high7.2CVSS 3.1
AVNACLPRHUINSUCHIHAH
EPSS
0.37%
28.7th percentile
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 8.4 through 8.5 contain an improper authentication vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to unauthorized access.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| dell | data_domain_operating_system | 8.4.0.0 – 8.5.0.0 | — |
| dell | powerprotect_data_domain | < 8.6.0.0 or later | 8.6.0.0 or later |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-w6h6-qc6q-q65w: Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 8
ghsa_unreviewed·2026-04-17
CVE-2025-46607 [MEDIUM] CWE-287 GHSA-w6h6-qc6q-q65w: Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 8
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 8.4 through 8.5 contain an improper authentication vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to unauthorized access.
VulDB
Dell PowerProtect Data Domain up to 8.5 improper authentication (dsa-2026-060)
vuldb·2026-04-17·CVSS 6.6
CVE-2025-46607 [MEDIUM] Dell PowerProtect Data Domain up to 8.5 improper authentication (dsa-2026-060)
A vulnerability, which was classified as critical, was found in Dell PowerProtect Data Domain up to 8.5. Impacted is an unknown function. Executing a manipulation can lead to improper authentication.
This vulnerability is handled as CVE-2025-46607. The attack can be executed remotely. There is not any exploit available.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2026-04-17
Published