CVE-2025-36594

Summary

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release versions 7.10.1.0 through 7.10.1.60, contain an Authentication Bypass by Spoofing vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Protection mechanism bypass. Remote unauthenticated user can create account that potentially expose customer info, affect system integrity and availability.

Affected Software

VendorProductVersion RangeStatus
DellPowerProtect Data Domain Feature Release7.7.1.0 <= 8.3.0.15affected
DellPowerProtect Data Domain LTS20247.13.1.0 <= 7.13.1.25affected
DellPowerProtect Data Domain LTS 20237.10.1.0 <= 7.10.1.60affected

Weaknesses

  • CWE-290: CWE-290: Authentication Bypass by Spoofing

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References