CVE Details
Basic Information
| Title | CVE-2025-36594 |
|---|---|
| Type | cve |
| Published | 2025-08-04T14:25:56.750Z |
| Modified | 2025-08-04T15:28:40.856Z |
Product Information
| Vendor | Dell |
|---|---|
| Product | PowerProtect Data Domain Feature Release |
| Version | 7.7.1.0 |
CVSS Information
| Base Score | 9.8 (CRITICAL) |
|---|---|
| Attack Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
AI Analysis
| AI Description | A critical vulnerability in Dell PowerProtect Data Domain allows remote attackers to bypass authentication, potentially exposing customer information and affecting system integrity and availability. |
|---|---|
| AI Severity | Critical |
| AI Vendor | Dell |
| AI Product | PowerProtect Data Domain |
| AI Version | 7.7.1.0, 7.10.1.0, 7.13.1.0 |
Affected Products
- Dell PowerProtect Data Domain Feature Release 7.7.1.0
- Dell PowerProtect Data Domain LTS2024 7.13.1.0
- Dell PowerProtect Data Domain LTS 2023 7.10.1.0
Additional Information
| CWE List | CWE-290 |
|---|---|
| Source | dell |
Description
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release versions 7.10.1.0 through 7.10.1.60, contain an Authentication Bypass by Spoofing vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Protection mechanism bypass. Remote unauthenticated user can create account that potentially expose customer info, affect system integrity and availability.