CVE-2025-46676

2.7 LOW

📋 TL;DR

Dell PowerProtect Data Domain systems running affected DD OS versions contain an information disclosure vulnerability. A high-privileged attacker with remote access could exploit this to access sensitive information. This affects multiple long-term support and feature release versions of the Data Domain Operating System.

💻 Affected Systems

Products:
  • Dell PowerProtect Data Domain
Versions: DD OS Feature Release 7.7.1.0 through 8.4.0.0, LTS2025 8.3.1.10, LTS2024 7.13.1.0 through 7.13.1.40, LTS2023 7.10.1.0 through 7.10.1.70
Operating Systems: Data Domain Operating System (DD OS)
Default Config Vulnerable: ⚠️ Yes
Notes: All affected versions in default configuration are vulnerable. Requires high-privileged remote access to exploit.

⚠️ Risk & Real-World Impact

🔴 Worst Case

High-privileged attacker gains unauthorized access to sensitive system information, potentially including credentials, configuration data, or other protected information.

🟠 Likely Case

Authorized but malicious insider or compromised high-privilege account accesses sensitive information they shouldn't have access to.

🟢 If Mitigated

With proper access controls and monitoring, the impact is limited to authorized users accessing information within their legitimate scope.

🌐 Internet-Facing: LOW - Requires high-privileged remote access, making internet-facing exploitation unlikely without prior compromise.
🏢 Internal Only: MEDIUM - Internal high-privileged users or compromised internal accounts could exploit this vulnerability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW - High-privileged access makes exploitation straightforward once access is obtained.

Exploitation requires existing high-privileged remote access. No public exploit code is currently available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Refer to Dell advisory DSA-2025-415 for specific patched versions

Vendor Advisory: https://www.dell.com/support/kbdoc/en-us/000405813/dsa-2025-415-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities

Restart Required: Yes

Instructions:

1. Review Dell advisory DSA-2025-415.
2. Download the appropriate patch for your DD OS version.
3. Apply the patch following Dell's update procedures.
4. Restart the system as required.
5. Verify patch application.

🔧 Temporary Workarounds

Restrict High-Privilege Access (applies to: all)

Limit the number of accounts with high privileges and implement strict access controls.

Network Segmentation (applies to: all)

Isolate Data Domain systems from untrusted networks and implement strict firewall rules.

🧯 If You Can't Patch

  • Implement strict access controls and least privilege principles for all accounts
  • Monitor and audit all high-privilege account activity on affected systems

🔍 How to Verify

Check if Vulnerable:

Run the 'version' command in the Data Domain CLI and compare the reported DD OS version against the affected versions list above.

Check Version:

version (in Data Domain CLI)

Verify Fix Applied:

Verify DD OS version is updated to a version not listed in the affected ranges, or check with Dell support for patch verification.
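The version comparison described above, as an added example that is not part of the advisory or Dell's tooling: it encodes the affected ranges listed on this page and checks a DD OS version string against them. The sample CLI output line is constructed, not a real capture; the exact format of the 'version' command output is an assumption.

```python
import re

# Affected ranges as listed on this page (inclusive bounds, compared as integer tuples).
# Note the Feature Release range spans the LTS branches numerically, so any version
# inside it is flagged; confirm the patched build against DSA-2025-415 before concluding.
AFFECTED_RANGES = {
    "Feature Release": ("7.7.1.0", "8.4.0.0"),
    "LTS2025": ("8.3.1.10", "8.3.1.10"),
    "LTS2024": ("7.13.1.0", "7.13.1.40"),
    "LTS2023": ("7.10.1.0", "7.10.1.70"),
}


def parse_version(v):
    """Turn '7.10.1.50' into (7, 10, 1, 50); shorter strings are padded with zeros."""
    parts = v.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {v!r}")
    nums = tuple(int(p) for p in parts)
    return nums + (0,) * (4 - len(nums))


def extract_version(cli_output):
    """Pull the first dotted numeric version (3 or 4 components) out of CLI text.

    Assumed output shape, e.g. 'Data Domain OS 7.13.1.20-1234567' (constructed sample).
    """
    m = re.search(r"\b(\d+(?:\.\d+){2,3})\b", cli_output)
    if not m:
        raise ValueError("no version string found in CLI output")
    return m.group(1)


def affected_branches(v):
    """Names of every listed range that contains version v (empty list = not listed)."""
    t = parse_version(v)
    return [name for name, (lo, hi) in AFFECTED_RANGES.items()
            if parse_version(lo) <= t <= parse_version(hi)]


def is_affected(v):
    return bool(affected_branches(v))


if __name__ == "__main__":
    sample = "Data Domain OS 7.13.1.20-1234567"  # constructed sample line
    ver = extract_version(sample)
    print(ver, "affected by:", affected_branches(ver) or "none of the listed ranges")
```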

📡 Detection & Monitoring

Log Indicators:

  • Unusual access patterns by high-privilege accounts
  • Access to sensitive information stores by unauthorized users

Network Indicators:

  • Unusual remote access patterns to Data Domain systems

SIEM Query:

Search for access to sensitive data stores by high-privilege accounts outside normal patterns
