216.73.216.6

CVE-2025-36594

· Published 04/08/2025 15:15 · Modified 05/08/2025 14:34

Labels: CVE-2025-36594 2025-08-04CVE-2025-36594CWE-290[email protected]

Essential information

Published
04/08/2025 15:15
Modified
05/08/2025 14:34
Author
Creator
CVSS
9.8 CRITICAL (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS metrics

Description

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release versions 7.10.1.0 through 7.10.1.60, contain an Authentication Bypass by Spoofing vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Protection mechanism bypass. Remote unauthenticated user can create account that potentially expose customer info, affect system integrity and availability.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
dell / powerprotect data domain cpe:2.3:a:dell:powerprotect_data_domain:7.7.1.0-8.3.0.15:*:*:*:*:*:*:*
dell / powerprotect data domain lts cpe:2.3:a:dell:powerprotect_data_domain_lts:2024:7.13.1.0-7.13.1.25:*:*:*:*:*:*:*
dell / powerprotect data domain lts cpe:2.3:a:dell:powerprotect_data_domain_lts:2023:7.10.1.0-7.10.1.60:*:*:*:*:*:*:*

References