DSA-2025-415: Security Update for Dell PowerProtect Data Domain Multiple Vulnerabilities

Summary: ell PowerProtect Data Domain remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.
Check out other resources

Impact

Critical

Additional Details

Critical severity originates from CVE-2024-38476 associated with Apache component

Details

Third-Party Component
CVEs
More Information
Apache server
CVE-2024-38476, CVE-2024-38477, CVE-2023-38709
https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
Apache Tomcat
CVE-2025-48734, CVE-2025-48976, CVE-2025-48988, CVE-2025-49124, CVE-2025-49125
https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
Libexpat
CVE-2024-8176
https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
Jinja
CVE-2025-27516
https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
CPython
CVE-2025-0938
https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

Proprietary Code CVEs
Description
CVSS Base Score
CVSS Vector String
CVE-2025-46645
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.4.0.0, LTS2025 release version 8.3.1.10, LTS2024 release versions 7.13.1.0 through 7.13.1.40, LTS 2023 release versions 7.10.1.0 through 7.10.1.70,containan Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. Ahighprivileged attacker with remote access could potentially exploit this vulnerability, leading toCommandexecution.
6.5
CVE-2025-46644
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.4.0.0, LTS2025 release version 8.3.1.10, LTS2024 release versions 7.13.1.0 through 7.13.1.40, LTS2023 release versions 7.10.1.0 through 7.10.1.70,containan Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. Ahighprivileged attacker with local access could potentially exploit this vulnerability, leading to Command execution.
6.0
CVE-2025-46676
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.4.0.0, LTS2025 release version 8.3.1.10, LTS2024 release versions 7.13.1.0 through 7.13.1.40, LTS 2023 release versions 7.10.1.0 through 7.10.1.70,containan Exposure of Sensitive Information to an Unauthorized Actor vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure.
2.7
CVE-2025-46643
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.4.0.0, LTS2025 release version 8.3.1.10, LTS2024 release versions 7.13.1.0 through 7.13.1.40, LTS 2023 release versions 7.10.1.0 through 7.10.1.70,containa Heap-based Buffer Overflow vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Denial of service.
2.3
Proprietary Code CVEs
Description
CVSS Base Score
CVSS Vector String
CVE-2025-46645
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.4.0.0, LTS2025 release version 8.3.1.10, LTS2024 release versions 7.13.1.0 through 7.13.1.40, LTS 2023 release versions 7.10.1.0 through 7.10.1.70,containan Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. Ahighprivileged attacker with remote access could potentially exploit this vulnerability, leading toCommandexecution.
6.5
CVE-2025-46644
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.4.0.0, LTS2025 release version 8.3.1.10, LTS2024 release versions 7.13.1.0 through 7.13.1.40, LTS2023 release versions 7.10.1.0 through 7.10.1.70,containan Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. Ahighprivileged attacker with local access could potentially exploit this vulnerability, leading to Command execution.
6.0
CVE-2025-46676
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.4.0.0, LTS2025 release version 8.3.1.10, LTS2024 release versions 7.13.1.0 through 7.13.1.40, LTS 2023 release versions 7.10.1.0 through 7.10.1.70,containan Exposure of Sensitive Information to an Unauthorized Actor vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure.
2.7
CVE-2025-46643
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.4.0.0, LTS2025 release version 8.3.1.10, LTS2024 release versions 7.13.1.0 through 7.13.1.40, LTS 2023 release versions 7.10.1.0 through 7.10.1.70,containa Heap-based Buffer Overflow vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Denial of service.
2.3
Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products & Remediation

CVEsAddressed
Product
Software/Firmware
Affected Versions
Remediated Versions
Link
CVE-2024-38476, CVE-2024-38477, CVE-2023-38709,CVE-2025-48734, CVE-2025-48976, CVE-2025-48988, CVE-2025-49124, CVE-2025-49125,CVE-2025-46645,CVE-2025-46676
DD OS 8.5
Dell PowerProtectData Domainseries appliances,Data Domain Virtual Edition,Data Domain Management Center,andDell APEX Protection StoragewithData Domain Operating System (DD OS)Feature Release
Versions 7.7.1.0through 8.4.0.0
Version 8.5.0.0or later
CVE-2024-38476, CVE-2024-38477, CVE-2023-38709, CVE-2025-48734, CVE-2025-48976, CVE-2025-48988, CVE-2025-49124, CVE-2025-49125, CVE-2025-46645, CVE-2025-46676
DD OS8.3.1

Dell PowerProtect Data Domain series appliances, Data Domain Virtual Edition, Data Domain Management Center, and Dell APEX Protection Storage with Data Domain Operating System (DD OS)LTS20258.3.1
Versions8.3.1.0through8.3.1.10
Version8.3.1.20or later
CVE-2024-38476, CVE-2024-38477, CVE-2023-38709, CVE-2025-48734, CVE-2025-48976, CVE-2025-48988, CVE-2025-49124, CVE-2025-49125, CVE-2025-46645, CVE-2025-46676
DD OS7.13.1
Dell PowerProtect Data Domain series appliances, Data Domain Virtual Edition, Data Domain Management Center, and Dell APEX Protection Storage with Data Domain Operating System (DD OS)LTS2024 7.13.1
Versions 7.13.1.0 through 7.13.1.40
Version7.13.1.50 or later
CVE-2024-38476, CVE-2024-38477, CVE-2023-38709, CVE-2025-48734, CVE-2025-48976, CVE-2025-48988, CVE-2025-49124, CVE-2025-49125,CVE-2025-46645, CVE-2025-46676
DD OS7.10.1
 
 
Dell PowerProtect Data Domain series appliances, Data Domain Virtual Edition, Data Domain Management Center, and Dell APEX Protection Storage with Data Domain Operating System (DD OS)LTS2023 7.10.1
Versions 7.10.1.0 through 7.10.1.70
Version7.10.1.80 or later
CVE-2025-27516,CVE-2025-0938,CVE-2025-46644,CVE-2025-46643
DD OS 8.5

)
Dell PowerProtectData Domainseries appliances,Data Domain Virtual Edition, andDellAPEX Protection StoragewithData Domain Operating System (DD OS)Feature Release
Versions 7.7.1.0 through 8.4.0.0
Version 8.5.0.0or later
CVE-2025-27516,CVE-2025-46644, CVE-2025-46643
DD OS8.3.1

Dell PowerProtect Data Domain series appliances, Data Domain Virtual Edition, and Dell APEX Protection Storage with Data Domain Operating System (DD OS)LTS20258.3.1
Versions8.3.1.0through8.3.1.10
Version8.3.1.20or later
CVE-2025-27516,CVE-2025-0938,CVE-2025-46644, CVE-2025-46643
DD OS7.13.1

Dell PowerProtect Data Domain series appliances, Data Domain Virtual Edition, and Dell APEX Protection Storage with Data Domain Operating System (DD OS)LTS2024 7.13.1
Versions 7.13.1.0 through 7.13.1.40
Version7.13.1.50 or later
CVE-2025-27516,CVE-2025-46644, CVE-2025-46643
DD OS 7.10.1
 
Dell PowerProtect Data Domain series appliances, Data Domain Virtual Edition, and Dell APEX Protection Storage with Data Domain Operating System (DD OS)LTS2023 7.10.1
Versions 7.10.1.0 through 7.10.1.70
Version7.10.1.80 or later
CVE-2024-8176
DD OS 8.5
Dell PowerProtectData DomainManagement CenterwithData Domain Operating System (DD OS)Feature Release
Versions 7.7.1.0 through 8.4.0.0
Version 8.5.0.0or later
CVE-2024-8176
DD OS8.3.1
Dell PowerProtect Data Domain Management Center with Data Domain Operating System (DD OS) Feature ReleaseLTS20258.3.1
Versions8.3.1.0through8.3.1.10
Version8.3.1.20or later
CVE-2024-8176
DD OS7.13.1

Dell PowerProtect Data Domain Management Center with Data Domain Operating System (DD OS) Feature ReleaseLTS2024 7.13.1
Versions 7.13.1.0 through 7.13.1.40
Version7.13.1.50 or later
CVE-2024-8176
DD OS 7.10.1
 
Dell PowerProtect Data Domain Management Center with Data Domain Operating System (DD OS) Feature ReleaseLTS2023 7.10.1
Versions 7.10.1.0 through 7.10.1.70
Version7.10.1.80 or later
CVEsAddressed
Product
Software/Firmware
Affected Versions
Remediated Versions
Link
CVE-2024-38476, CVE-2024-38477, CVE-2023-38709,CVE-2025-48734, CVE-2025-48976, CVE-2025-48988, CVE-2025-49124, CVE-2025-49125,CVE-2025-46645,CVE-2025-46676
DD OS 8.5
Dell PowerProtectData Domainseries appliances,Data Domain Virtual Edition,Data Domain Management Center,andDell APEX Protection StoragewithData Domain Operating System (DD OS)Feature Release
Versions 7.7.1.0through 8.4.0.0
Version 8.5.0.0or later
CVE-2024-38476, CVE-2024-38477, CVE-2023-38709, CVE-2025-48734, CVE-2025-48976, CVE-2025-48988, CVE-2025-49124, CVE-2025-49125, CVE-2025-46645, CVE-2025-46676
DD OS8.3.1

Dell PowerProtect Data Domain series appliances, Data Domain Virtual Edition, Data Domain Management Center, and Dell APEX Protection Storage with Data Domain Operating System (DD OS)LTS20258.3.1
Versions8.3.1.0through8.3.1.10
Version8.3.1.20or later
CVE-2024-38476, CVE-2024-38477, CVE-2023-38709, CVE-2025-48734, CVE-2025-48976, CVE-2025-48988, CVE-2025-49124, CVE-2025-49125, CVE-2025-46645, CVE-2025-46676
DD OS7.13.1
Dell PowerProtect Data Domain series appliances, Data Domain Virtual Edition, Data Domain Management Center, and Dell APEX Protection Storage with Data Domain Operating System (DD OS)LTS2024 7.13.1
Versions 7.13.1.0 through 7.13.1.40
Version7.13.1.50 or later
CVE-2024-38476, CVE-2024-38477, CVE-2023-38709, CVE-2025-48734, CVE-2025-48976, CVE-2025-48988, CVE-2025-49124, CVE-2025-49125,CVE-2025-46645, CVE-2025-46676
DD OS7.10.1
 
 
Dell PowerProtect Data Domain series appliances, Data Domain Virtual Edition, Data Domain Management Center, and Dell APEX Protection Storage with Data Domain Operating System (DD OS)LTS2023 7.10.1
Versions 7.10.1.0 through 7.10.1.70
Version7.10.1.80 or later
CVE-2025-27516,CVE-2025-0938,CVE-2025-46644,CVE-2025-46643
DD OS 8.5

)
Dell PowerProtectData Domainseries appliances,Data Domain Virtual Edition, andDellAPEX Protection StoragewithData Domain Operating System (DD OS)Feature Release
Versions 7.7.1.0 through 8.4.0.0
Version 8.5.0.0or later
CVE-2025-27516,CVE-2025-46644, CVE-2025-46643
DD OS8.3.1

Dell PowerProtect Data Domain series appliances, Data Domain Virtual Edition, and Dell APEX Protection Storage with Data Domain Operating System (DD OS)LTS20258.3.1
Versions8.3.1.0through8.3.1.10
Version8.3.1.20or later
CVE-2025-27516,CVE-2025-0938,CVE-2025-46644, CVE-2025-46643
DD OS7.13.1

Dell PowerProtect Data Domain series appliances, Data Domain Virtual Edition, and Dell APEX Protection Storage with Data Domain Operating System (DD OS)LTS2024 7.13.1
Versions 7.13.1.0 through 7.13.1.40
Version7.13.1.50 or later
CVE-2025-27516,CVE-2025-46644, CVE-2025-46643
DD OS 7.10.1
 
Dell PowerProtect Data Domain series appliances, Data Domain Virtual Edition, and Dell APEX Protection Storage with Data Domain Operating System (DD OS)LTS2023 7.10.1
Versions 7.10.1.0 through 7.10.1.70
Version7.10.1.80 or later
CVE-2024-8176
DD OS 8.5
Dell PowerProtectData DomainManagement CenterwithData Domain Operating System (DD OS)Feature Release
Versions 7.7.1.0 through 8.4.0.0
Version 8.5.0.0or later
CVE-2024-8176
DD OS8.3.1
Dell PowerProtect Data Domain Management Center with Data Domain Operating System (DD OS) Feature ReleaseLTS20258.3.1
Versions8.3.1.0through8.3.1.10
Version8.3.1.20or later
CVE-2024-8176
DD OS7.13.1

Dell PowerProtect Data Domain Management Center with Data Domain Operating System (DD OS) Feature ReleaseLTS2024 7.13.1
Versions 7.13.1.0 through 7.13.1.40
Version7.13.1.50 or later
CVE-2024-8176
DD OS 7.10.1
 
Dell PowerProtect Data Domain Management Center with Data Domain Operating System (DD OS) Feature ReleaseLTS2023 7.10.1
Versions 7.10.1.0 through 7.10.1.70
Version7.10.1.80 or later

1.PowerProtect Data Domain: Software Versions : This KB article provides the status of the current active PowerProtect Data Domain Operating System (DD OS) releases, along with links to the release notes. (Requires support.dell.com login to view article).   
2. For instructions on how to upgrade Data Domain Operating System (DD OS), see Data Domain and DDVE: How to Upgrade the Data Domain Operating System 
3. Some security scanners may still report False Positive findings after upgrading to remediated DDOS versions.  For more details, please refer to the respective False Positive KB articles:  

 

Revision History

Revision
Date
Description
1.0
2025-19-12
Initial Release

Related Information

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

Legal Disclaimer

Affected Products

DD3300 Appliance, Data Domain Deduplication Storage Systems, Data Domain Virtual Edition, DD6300 Appliance, DD6400 Appliance, DD6410 Appliance, DD6900 Appliance, DD9400 Appliance, DD9410 Appliance, DD9900 Appliance, DD9910 Appliance , DD9910F Appliance ...
Article Properties
Article Number: 000405813
Article Type: Dell Security Advisory
Last Modified: 19 Dec 2025
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.