PT-2025-31817 · Dell · Dell Powerprotect Data Domain

Published

2025-08-04

Updated

2025-08-05

CVE-2025-36594

Report an issue

CVSS v3.1

9.8

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions:

Dell PowerProtect Data Domain versions 7.7.1.0 through 8.3.0.15

Dell PowerProtect Data Domain versions 7.10.1.0 through 7.10.1.60

Dell PowerProtect Data Domain versions 7.13.1.0 through 7.13.1.25

Description:

Dell PowerProtect Data Domain contains an authentication bypass vulnerability that allows an unauthenticated attacker with remote access to bypass protection mechanisms. This could lead to the creation of accounts, potentially exposing customer information and affecting system integrity and availability.

Recommendations:

For versions 7.7.1.0 through 8.3.0.15, update to a newer version.

For versions 7.10.1.0 through 7.10.1.60, update to a newer version.

For versions 7.13.1.0 through 7.13.1.25, update to a newer version.

Fix

Authentication Bypass by Spoofing

Weakness Enumeration

CWE-290

Related Identifiers

CVE-2025-36594

Affected Products

Dell Powerprotect Data Domain

PT-2025-31817 · Dell · Dell Powerprotect Data Domain

Weakness Enumeration

Related Identifiers

Affected Products

References · 6