CVE-2025-46676

CVSS v3 2.7 LOW

2.7^/10

CVSS v3 : LOW

Vector :

Exploitability : 1.2 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

D

ell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.4.0.0, LTS2025 release version 8.3.1.10, LTS2024 release versions 7.13.1.0 through 7.13.1.40, LTS 2023 release versions 7.10.1.0 through 7.10.1.70, contain an Exposure of Sensitive Information to an Unauthorized Actor vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure.

References

Link	Resource
https://www.dell.com/support/kbdoc/en-us/000405813/dsa-2025-415-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:dell:data_domain_operating_system::::::::
	cpe:2.3:o:dell:data_domain_operating_system::::::::
	cpe:2.3:o:dell:data_domain_operating_system::::::::
	cpe:2.3:o:dell:data_domain_operating_system:8.4.0.0:::::::*

History

05 Feb 2026, 13:28

Type	Values Removed	Values Added
First Time		Dell Dell data Domain Operating System
References	~~() https://www.dell.com/support/kbdoc/en-us/000405813/dsa-2025-415-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities -~~	() https://www.dell.com/support/kbdoc/en-us/000405813/dsa-2025-415-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities - Vendor Advisory
CPE		cpe:2.3:o:dell:data_domain_operating_system:::::::: cpe:2.3:o:dell:data_domain_operating_system:8.4.0.0:::::::*

09 Jan 2026, 16:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-01-09 16:16

Updated : 2026-02-05 13:28

NVD link : CVE-2025-46676

Mitre link : CVE-2025-46676

CVE.ORG link : CVE-2025-46676

JSON object : View

Products Affected

data_domain_operating_system

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

{"id": "CVE-2025-46676", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 2.7, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 1.2}, {"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.2}]}, "published": "2026-01-09T16:16:06.760", "references": [{"url": "https://www.dell.com/support/kbdoc/en-us/000405813/dsa-2025-415-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities", "tags": ["Vendor Advisory"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.4.0.0, LTS2025 release version 8.3.1.10, LTS2024 release versions 7.13.1.0 through 7.13.1.40, LTS 2023 release versions 7.10.1.0 through 7.10.1.70, contain an Exposure of Sensitive Information to an Unauthorized Actor vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure."}], "lastModified": "2026-02-05T13:28:12.150", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "18AD8BC6-ABF7-4990-91C6-D228BBE4B9FE", "versionEndExcluding": "7.10.1.80", "versionStartIncluding": "7.7.1.0"}, {"criteria": "cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "00F138B9-4AB9-4B79-BBEC-F5A48E2E0B05", "versionEndExcluding": "7.13.1.50", "versionStartIncluding": "7.13.1.0"}, {"criteria": "cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7B8DA06B-076A-495E-9BD0-246BF1E54E26", "versionEndExcluding": "8.3.1.20", "versionStartIncluding": "8.3.1.0"}, {"criteria": "cpe:2.3:o:dell:data_domain_operating_system:8.4.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FF73C39B-827B-4A68-9708-08345F6EF979"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}