CVE-2025-46676Sensitive Information Exposure in Dell Powerprotect Data Domain With Data Domain Operating System Feature Release

CWE-200Sensitive Information ExposureCWE-369Divide By Zero4 documents4 sources
Severity
4.9MEDIUMNVD
CNA2.7
EPSS
0.0%
top 96.90%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Dell Powerprotect Data Domain With Data Domain Operating System Feature ReleaseDell Powerprotect Data Domain With Data Domain Operating System Lts2023Dell Powerprotect Data Domain With Data Domain Operating System Lts2024+2 more
Timeline
PublishedJan 9

Description

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.4.0.0, LTS2025 release version 8.3.1.10, LTS2024 release versions 7.13.1.0 through 7.13.1.40, LTS 2023 release versions 7.10.1.0 through 7.10.1.70, contain an Exposure of Sensitive Information to an Unauthorized Actor vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 1.2 | Impact: 3.6

Affected Packages5 packages

NVDdell/data_domain_operating_system7.7.1.07.10.1.80+3

🔴Vulnerability Details

2
GHSA
GHSA-q3wr-c9vh-mxp6: Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 72026-01-09
CVEList
CVE-2025-46676: Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 72026-01-09

📋Vendor Advisories

1
Microsoft
nfc: pn533: Add poll mod list filling check2024-09-10
CVE-2025-46676 — Sensitive Information Exposure in Dell | cvebase