Exposure of Sensitive Information in Dell PowerProtect Data Domain
CVE-2025-46676

2.7LOW

Key Information:

Vendor

Dell
Status
Powerprotect Data Domain With Data Domain Operating System (dd Os) Feature Release
Powerprotect Data Domain With Data Domain Operating System (dd Os) Lts2025
Powerprotect Data Domain With Data Domain Operating System (dd Os) Lts2024
Powerprotect Data Domain With Data Domain Operating System (dd Os) Lts2023
Vendor
CVE Published:
9 January 2026

What is CVE-2025-46676?

Dell PowerProtect Data Domain products with specific versions of the Data Domain Operating System are susceptible to a vulnerability that allows a high privileged attacker with remote access to potentially exploit this weakness. This could lead to unauthorized disclosure of sensitive information, posing significant risks to organizations relying on this data management solution. It is crucial for users of affected versions to apply the necessary security updates to mitigate these risks.

Affected Version(s)

PowerProtect Data Domain with Data Domain Operating System (DD OS) Feature Release 7.7.1.0 < 8.5.0.0

PowerProtect Data Domain with Data Domain Operating System (DD OS) LTS2023 7.10.1.0 < 7.10.1.80

PowerProtect Data Domain with Data Domain Operating System (DD OS) LTS2024 7.13.1.0 < 7.13.1.50

References

https://www.dell.com/support/kbdoc/en-us/000405813/dsa-20...
vendor-advisory

CVSS V3.1

Score:
2.7
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.
CVE-2025-46676 : Exposure of Sensitive Information in Dell PowerProtect Data Domain