DSA-2025-415: Security Update for Dell PowerProtect Data Domain Multiple Vulnerabilities

Sommaire

Article détaillé

Impact

Détails supplémentaires

Détails

Produits concernés et mesure corrective

Historique des révisions

Informations connexes

Mention légale

Produits concernés

Envoyez vos commentaires

Résumé: Dell PowerProtect Data Domain remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.

Cet article concerne Cet article ne concerne pas Cet article n’est associé à aucun produit spécifique. Toutes les versions du produit ne sont pas identifiées dans cet article.

Consulter d’autres ressources

Impact

Critical

Détails supplémentaires

Critical severity originates from CVE-2024-38476 associated with Apache component

Détails

Third-Party Component	CVEs	More Information
Apache server	CVE-2024-38476, CVE-2024-38477, CVE-2023-38709	https://nvd.nist.gov/vuln/search
Apache Tomcat	CVE-2025-48734, CVE-2025-48976, CVE-2025-48988, CVE-2025-49124, CVE-2025-49125	https://nvd.nist.gov/vuln/search
Libexpat	CVE-2024-8176	https://nvd.nist.gov/vuln/search
Jinja	CVE-2025-27516	https://nvd.nist.gov/vuln/search
CPython	CVE-2025-0938	https://nvd.nist.gov/vuln/search

Proprietary Code CVEs	Description	CVSS Base Score	CVSS Vector String
CVE-2025-46645	Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.4.0.0, LTS2025 release version 8.3.1.10, LTS2024 release versions 7.13.1.0 through 7.13.1.40, LTS 2023 release versions 7.10.1.0 through 7.10.1.70,containan Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. Ahighprivileged attacker with remote access could potentially exploit this vulnerability, leading toCommandexecution.	6.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
CVE-2025-46644	Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.4.0.0, LTS2025 release version 8.3.1.10, LTS2024 release versions 7.13.1.0 through 7.13.1.40, LTS2023 release versions 7.10.1.0 through 7.10.1.70,containan Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. Ahighprivileged attacker with local access could potentially exploit this vulnerability, leading to Command execution.	6.0	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
CVE-2025-46676	Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.4.0.0, LTS2025 release version 8.3.1.10, LTS2024 release versions 7.13.1.0 through 7.13.1.40, LTS 2023 release versions 7.10.1.0 through 7.10.1.70,containan Exposure of Sensitive Information to an Unauthorized Actor vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure.	2.7	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
CVE-2025-46643	Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.4.0.0, LTS2025 release version 8.3.1.10, LTS2024 release versions 7.13.1.0 through 7.13.1.40, LTS 2023 release versions 7.10.1.0 through 7.10.1.70,containa Heap-based Buffer Overflow vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Denial of service.	2.3	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L

Proprietary Code CVEs	Description	CVSS Base Score	CVSS Vector String
CVE-2025-46645	Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.4.0.0, LTS2025 release version 8.3.1.10, LTS2024 release versions 7.13.1.0 through 7.13.1.40, LTS 2023 release versions 7.10.1.0 through 7.10.1.70,containan Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. Ahighprivileged attacker with remote access could potentially exploit this vulnerability, leading toCommandexecution.	6.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
CVE-2025-46644	Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.4.0.0, LTS2025 release version 8.3.1.10, LTS2024 release versions 7.13.1.0 through 7.13.1.40, LTS2023 release versions 7.10.1.0 through 7.10.1.70,containan Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. Ahighprivileged attacker with local access could potentially exploit this vulnerability, leading to Command execution.	6.0	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
CVE-2025-46676	Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.4.0.0, LTS2025 release version 8.3.1.10, LTS2024 release versions 7.13.1.0 through 7.13.1.40, LTS 2023 release versions 7.10.1.0 through 7.10.1.70,containan Exposure of Sensitive Information to an Unauthorized Actor vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure.	2.7	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
CVE-2025-46643	Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.4.0.0, LTS2025 release version 8.3.1.10, LTS2024 release versions 7.13.1.0 through 7.13.1.40, LTS 2023 release versions 7.10.1.0 through 7.10.1.70,containa Heap-based Buffer Overflow vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Denial of service.	2.3	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L

Dell Technologies recommande à tous les clients de prendre en compte à la fois le score de base CVSS et les scores temporels et environnementaux pertinents qui peuvent avoir un impact sur la gravité potentielle associée à une faille de sécurité donnée.

Produits concernés et mesure corrective

CVEsAddressed	Product	Software/Firmware	Affected Versions	Remediated Versions	Link
CVE-2024-38476, CVE-2024-38477, CVE-2023-38709,CVE-2025-48734, CVE-2025-48976, CVE-2025-48988, CVE-2025-49124, CVE-2025-49125,CVE-2025-46645,CVE-2025-46676	DD OS 8.5	Dell PowerProtectData Domainseries appliances,Data Domain Virtual Edition,Data Domain Management Center,andDell APEX Protection StoragewithData Domain Operating System (DD OS)Feature Release	Versions 7.7.1.0through 8.4.0.0	Version 8.5.0.0or later	Support for Data Domain Deduplication Storage Systems (Dell Support login required)
CVE-2024-38476, CVE-2024-38477, CVE-2023-38709, CVE-2025-48734, CVE-2025-48976, CVE-2025-48988, CVE-2025-49124, CVE-2025-49125, CVE-2025-46645, CVE-2025-46676	DD OS8.3.1	Dell PowerProtect Data Domain series appliances, Data Domain Virtual Edition, Data Domain Management Center, and Dell APEX Protection Storage with Data Domain Operating System (DD OS)LTS20258.3.1	Versions8.3.1.0through8.3.1.10	Version8.3.1.20or later	Support for Data Domain Deduplication Storage Systems (Dell Support login required)
CVE-2024-38476, CVE-2024-38477, CVE-2023-38709, CVE-2025-48734, CVE-2025-48976, CVE-2025-48988, CVE-2025-49124, CVE-2025-49125, CVE-2025-46645, CVE-2025-46676	DD OS7.13.1	Dell PowerProtect Data Domain series appliances, Data Domain Virtual Edition, Data Domain Management Center, and Dell APEX Protection Storage with Data Domain Operating System (DD OS)LTS2024 7.13.1	Versions 7.13.1.0 through 7.13.1.40	Version7.13.1.50 or later	Support for Data Domain Deduplication Storage Systems (Dell Support login required)
CVE-2024-38476, CVE-2024-38477, CVE-2023-38709, CVE-2025-48734, CVE-2025-48976, CVE-2025-48988, CVE-2025-49124, CVE-2025-49125,CVE-2025-46645, CVE-2025-46676	DD OS7.10.1	Dell PowerProtect Data Domain series appliances, Data Domain Virtual Edition, Data Domain Management Center, and Dell APEX Protection Storage with Data Domain Operating System (DD OS)LTS2023 7.10.1	Versions 7.10.1.0 through 7.10.1.70	Version7.10.1.80 or later	Support for Data Domain Deduplication Storage Systems (Dell Support login required)
CVE-2025-27516,CVE-2025-0938,CVE-2025-46644,CVE-2025-46643	DD OS 8.5 )	Dell PowerProtectData Domainseries appliances,Data Domain Virtual Edition, andDellAPEX Protection StoragewithData Domain Operating System (DD OS)Feature Release	Versions 7.7.1.0 through 8.4.0.0	Version 8.5.0.0or later	Support for Data Domain Deduplication Storage Systems (DellSupport login required)
CVE-2025-27516,CVE-2025-46644, CVE-2025-46643	DD OS8.3.1	Dell PowerProtect Data Domain series appliances, Data Domain Virtual Edition, and Dell APEX Protection Storage with Data Domain Operating System (DD OS)LTS20258.3.1	Versions8.3.1.0through8.3.1.10	Version8.3.1.20or later	Support for Data Domain Deduplication Storage Systems (Dell Support login required)
CVE-2025-27516,CVE-2025-0938,CVE-2025-46644, CVE-2025-46643	DD OS7.13.1	Dell PowerProtect Data Domain series appliances, Data Domain Virtual Edition, and Dell APEX Protection Storage with Data Domain Operating System (DD OS)LTS2024 7.13.1	Versions 7.13.1.0 through 7.13.1.40	Version7.13.1.50 or later	Support for Data Domain Deduplication Storage Systems (Dell Support login required)
CVE-2025-27516,CVE-2025-46644, CVE-2025-46643	DD OS 7.10.1	Dell PowerProtect Data Domain series appliances, Data Domain Virtual Edition, and Dell APEX Protection Storage with Data Domain Operating System (DD OS)LTS2023 7.10.1	Versions 7.10.1.0 through 7.10.1.70	Version7.10.1.80 or later	Support for Data Domain Deduplication Storage Systems (Dell Support login required)
CVE-2024-8176	DD OS 8.5	Dell PowerProtectData DomainManagement CenterwithData Domain Operating System (DD OS)Feature Release	Versions 7.7.1.0 through 8.4.0.0	Version 8.5.0.0or later	Support for DD OS \| Drivers & Downloads (Dell Support login required)
CVE-2024-8176	DD OS8.3.1	Dell PowerProtect Data Domain Management Center with Data Domain Operating System (DD OS) Feature ReleaseLTS20258.3.1	Versions8.3.1.0through8.3.1.10	Version8.3.1.20or later	Support for Data Domain Deduplication Storage Systems (Dell Support login required)
CVE-2024-8176	DD OS7.13.1	Dell PowerProtect Data Domain Management Center with Data Domain Operating System (DD OS) Feature ReleaseLTS2024 7.13.1	Versions 7.13.1.0 through 7.13.1.40	Version7.13.1.50 or later	Support for Data Domain Deduplication Storage Systems (Dell Support login required)
CVE-2024-8176	DD OS 7.10.1	Dell PowerProtect Data Domain Management Center with Data Domain Operating System (DD OS) Feature ReleaseLTS2023 7.10.1	Versions 7.10.1.0 through 7.10.1.70	Version7.10.1.80 or later	Support for Data Domain Deduplication Storage Systems (Dell Support login required)

CVEsAddressed	Product	Software/Firmware	Affected Versions	Remediated Versions	Link
CVE-2024-38476, CVE-2024-38477, CVE-2023-38709,CVE-2025-48734, CVE-2025-48976, CVE-2025-48988, CVE-2025-49124, CVE-2025-49125,CVE-2025-46645,CVE-2025-46676	DD OS 8.5	Dell PowerProtectData Domainseries appliances,Data Domain Virtual Edition,Data Domain Management Center,andDell APEX Protection StoragewithData Domain Operating System (DD OS)Feature Release	Versions 7.7.1.0through 8.4.0.0	Version 8.5.0.0or later	Support for Data Domain Deduplication Storage Systems (Dell Support login required)
CVE-2024-38476, CVE-2024-38477, CVE-2023-38709, CVE-2025-48734, CVE-2025-48976, CVE-2025-48988, CVE-2025-49124, CVE-2025-49125, CVE-2025-46645, CVE-2025-46676	DD OS8.3.1	Dell PowerProtect Data Domain series appliances, Data Domain Virtual Edition, Data Domain Management Center, and Dell APEX Protection Storage with Data Domain Operating System (DD OS)LTS20258.3.1	Versions8.3.1.0through8.3.1.10	Version8.3.1.20or later	Support for Data Domain Deduplication Storage Systems (Dell Support login required)
CVE-2024-38476, CVE-2024-38477, CVE-2023-38709, CVE-2025-48734, CVE-2025-48976, CVE-2025-48988, CVE-2025-49124, CVE-2025-49125, CVE-2025-46645, CVE-2025-46676	DD OS7.13.1	Dell PowerProtect Data Domain series appliances, Data Domain Virtual Edition, Data Domain Management Center, and Dell APEX Protection Storage with Data Domain Operating System (DD OS)LTS2024 7.13.1	Versions 7.13.1.0 through 7.13.1.40	Version7.13.1.50 or later	Support for Data Domain Deduplication Storage Systems (Dell Support login required)
CVE-2024-38476, CVE-2024-38477, CVE-2023-38709, CVE-2025-48734, CVE-2025-48976, CVE-2025-48988, CVE-2025-49124, CVE-2025-49125,CVE-2025-46645, CVE-2025-46676	DD OS7.10.1	Dell PowerProtect Data Domain series appliances, Data Domain Virtual Edition, Data Domain Management Center, and Dell APEX Protection Storage with Data Domain Operating System (DD OS)LTS2023 7.10.1	Versions 7.10.1.0 through 7.10.1.70	Version7.10.1.80 or later	Support for Data Domain Deduplication Storage Systems (Dell Support login required)
CVE-2025-27516,CVE-2025-0938,CVE-2025-46644,CVE-2025-46643	DD OS 8.5 )	Dell PowerProtectData Domainseries appliances,Data Domain Virtual Edition, andDellAPEX Protection StoragewithData Domain Operating System (DD OS)Feature Release	Versions 7.7.1.0 through 8.4.0.0	Version 8.5.0.0or later	Support for Data Domain Deduplication Storage Systems (DellSupport login required)
CVE-2025-27516,CVE-2025-46644, CVE-2025-46643	DD OS8.3.1	Dell PowerProtect Data Domain series appliances, Data Domain Virtual Edition, and Dell APEX Protection Storage with Data Domain Operating System (DD OS)LTS20258.3.1	Versions8.3.1.0through8.3.1.10	Version8.3.1.20or later	Support for Data Domain Deduplication Storage Systems (Dell Support login required)
CVE-2025-27516,CVE-2025-0938,CVE-2025-46644, CVE-2025-46643	DD OS7.13.1	Dell PowerProtect Data Domain series appliances, Data Domain Virtual Edition, and Dell APEX Protection Storage with Data Domain Operating System (DD OS)LTS2024 7.13.1	Versions 7.13.1.0 through 7.13.1.40	Version7.13.1.50 or later	Support for Data Domain Deduplication Storage Systems (Dell Support login required)
CVE-2025-27516,CVE-2025-46644, CVE-2025-46643	DD OS 7.10.1	Dell PowerProtect Data Domain series appliances, Data Domain Virtual Edition, and Dell APEX Protection Storage with Data Domain Operating System (DD OS)LTS2023 7.10.1	Versions 7.10.1.0 through 7.10.1.70	Version7.10.1.80 or later	Support for Data Domain Deduplication Storage Systems (Dell Support login required)
CVE-2024-8176	DD OS 8.5	Dell PowerProtectData DomainManagement CenterwithData Domain Operating System (DD OS)Feature Release	Versions 7.7.1.0 through 8.4.0.0	Version 8.5.0.0or later	Support for DD OS \| Drivers & Downloads (Dell Support login required)
CVE-2024-8176	DD OS8.3.1	Dell PowerProtect Data Domain Management Center with Data Domain Operating System (DD OS) Feature ReleaseLTS20258.3.1	Versions8.3.1.0through8.3.1.10	Version8.3.1.20or later	Support for Data Domain Deduplication Storage Systems (Dell Support login required)
CVE-2024-8176	DD OS7.13.1	Dell PowerProtect Data Domain Management Center with Data Domain Operating System (DD OS) Feature ReleaseLTS2024 7.13.1	Versions 7.13.1.0 through 7.13.1.40	Version7.13.1.50 or later	Support for Data Domain Deduplication Storage Systems (Dell Support login required)
CVE-2024-8176	DD OS 7.10.1	Dell PowerProtect Data Domain Management Center with Data Domain Operating System (DD OS) Feature ReleaseLTS2023 7.10.1	Versions 7.10.1.0 through 7.10.1.70	Version7.10.1.80 or later	Support for Data Domain Deduplication Storage Systems (Dell Support login required)

1.PowerProtect Data Domain: Software Versions : This KB article provides the status of the current active PowerProtect Data Domain Operating System (DD OS) releases, along with links to the release notes. (Requires support.dell.com login to view article).
2. For instructions on how to upgrade Data Domain Operating System (DD OS), see Data Domain and DDVE: How to Upgrade the Data Domain Operating System
3. Some security scanners may still report False Positive findings after upgrading to remediated DDOS versions. For more details, please refer to the respective False Positive KB articles:

Dell PowerProtect Data Domain False Positive Security Vulnerabilities for DD OS 8.5

Dell PowerProtect Data Domain False Positive Security Vulnerabilities for DDOS 8.3

Dell Data Domain False Positive Security Vulnerabilities for DDOS 7.13

Dell Data Domain False Positive Security Vulnerabilities for DDOS 7.10  

Historique des révisions

Revision	Date	Description
1.0	2025-19-12	Initial Release
2.0	2025-22-12	Minor Update: typo in the title was corrected

Informations connexes

Mention légale

Produits concernés

DD3300 Appliance, Data Domain Deduplication Storage Systems, Data Domain Virtual Edition, DD6300 Appliance, DD6400 Appliance, DD6410 Appliance, DD6900 Appliance, DD9400 Appliance, DD9410 Appliance, DD9900 Appliance, DD9910 Appliance , DD9910F Appliance ...

Numéro d’article: 000405813

Type d’article: Dell Security Advisory

Dernière modification: 22 déc. 2025

Vérifiez si votre appareil est couvert par les services de support.

DSA-2025-415: Security Update for Dell PowerProtect Data Domain Multiple Vulnerabilities

Résumé: Dell PowerProtect Data Domain remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.

Impact

Détails supplémentaires

Détails

Produits concernés et mesure corrective

Historique des révisions

Informations connexes

Mention légale

Produits concernés

Propriétés de l’article

Trouvez des réponses à vos questions auprès d’autres utilisateurs Dell

Services de support

Propriétés de l’article

Trouvez des réponses à vos questions auprès d’autres utilisateurs Dell

Services de support