CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2025-36594

CVSS 9.8v3.1pub. 2025-08-04upd. 2025-10-16

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release versions 7.10.1.0 through 7.10.1.60, contain an Authentication Bypass by Spoofing vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Protection mechanism bypass. Remote unauthenticated user can create account that potentially expose customer info, affect system integrity and availability.

🤖 AI Analysis
How it works

The vulnerability classified as CWE-290 (Authentication Bypass by Spoofing) involves the DD OS system authentication mechanism being bypassed through impersonation of an authorized entity. A remote, unauthenticated attacker can exploit this flaw to create a new account in the system without possessing any prior privileges. This results in complete circumvention of the system's security mechanisms.

Impact

An attacker can create unauthorized accounts in the system, leading to potential customer data disclosure, system integrity violation, and reduced availability.

Mitigation & patch

Apply patches available from the vendor according to references — detailed information about patched versions is available in Dell security bulletin DSA-2025-159 at: https://www.dell.com/support/kbdoc/en-us/000348708/dsa-2025-159-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities

Who is affected

Dell PowerProtect Data Domain with DD OS in the following versions: Feature Release 7.7.1.0–8.3.0.15, LTS2024 7.13.1.0–7.13.1.25, LTS2023 7.10.1.0–7.10.1.60

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Dell Data Domain Operating System

    OS
    Dell
    7.7.1.0 – 7.10.1.70 (bez)7.13.1.0 – 7.13.1.30 (bez)8.0.0.0 – 8.3.1.0 (bez)
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
Auth Bypass
CWE
References

Related vulnerabilities

CVE-2026-26354HIGH8.1ten sam produkt

Dell PowerProtect Data Domain with Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through...

CVE-2026-24506HIGH7.2ten sam produkt

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20,...

CVE-2026-23774HIGH7.2ten sam produkt

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 th...

CVE-2026-24504HIGH7.2ten sam produkt

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20,...

CVE-2026-24505HIGH7.2ten sam produkt

Dell PowerProtect Data Domain, versions 8.5 through 8.6 contain an improper input validation vulnerability. A ...