PT-2026-1806 · Dell · Data Domain Operating System+1
Published
2026-01-09
·
Updated
2026-02-05
·
CVE-2025-46645
CVSS v3.1
7.2
High
| Vector | AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Dell PowerProtect Data Domain versions 7.7.1.0 through 8.4.0.0
Dell PowerProtect Data Domain LTS2025 release version 8.3.1.10
Dell PowerProtect Data Domain LTS2024 release versions 7.13.1.0 through 7.13.1.40
Dell PowerProtect Data Domain LTS 2023 release versions 7.10.1.0 through 7.10.1.70
Description
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) contains an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') issue. A high privileged attacker with remote access could potentially exploit this, leading to command execution.
Recommendations
Dell PowerProtect Data Domain versions 7.7.1.0 through 8.4.0.0 should be updated.
Dell PowerProtect Data Domain LTS2025 release version 8.3.1.10 should be updated.
Dell PowerProtect Data Domain LTS2024 release versions 7.13.1.0 through 7.13.1.40 should be updated.
Dell PowerProtect Data Domain LTS 2023 release versions 7.10.1.0 through 7.10.1.70 should be updated.
Fix
OS Command Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Data Domain Operating System
Dell Powerprotect Data Domain