DSA-2025-415: Security Update for Dell PowerProtect Data Domain Multiple Vulnerabilities
Сводка: Dell PowerProtect Data Domain remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.
Данная статья применяется к
Данная статья не применяется к
Эта статья не привязана к какому-либо конкретному продукту.
В этой статье указаны не все версии продуктов.
Влияние
Critical
Дополнительные сведения
Critical severity originates from CVE-2024-38476 associated with Apache component
Подробные сведения
|
Third-Party Component
|
CVEs
|
More Information
|
| Apache server |
CVE-2024-38476, CVE-2024-38477, CVE-2023-38709
|
https://nvd.nist.gov/vuln/search |
| Apache Tomcat |
CVE-2025-48734, CVE-2025-48976, CVE-2025-48988, CVE-2025-49124, CVE-2025-49125
|
https://nvd.nist.gov/vuln/search |
|
Libexpat
|
CVE-2024-8176
|
https://nvd.nist.gov/vuln/search |
| Jinja |
CVE-2025-27516
|
https://nvd.nist.gov/vuln/search |
| CPython |
CVE-2025-0938
|
https://nvd.nist.gov/vuln/search |
|
Proprietary Code CVEs
|
Description
|
CVSS Base Score
|
CVSS Vector String
|
| CVE-2025-46645 |
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.4.0.0, LTS2025 release version 8.3.1.10, LTS2024 release versions 7.13.1.0 through 7.13.1.40, LTS 2023 release versions 7.10.1.0 through 7.10.1.70, contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution.
|
6.5
|
|
|
CVE-2025-46644
|
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.4.0.0, LTS2025 release version 8.3.1.10, LTS2024 release versions 7.13.1.0 through 7.13.1.40, LTS2023 release versions 7.10.1.0 through 7.10.1.70, contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution.
|
6.0
|
|
|
CVE-2025-46676
|
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.4.0.0, LTS2025 release version 8.3.1.10, LTS2024 release versions 7.13.1.0 through 7.13.1.40, LTS 2023 release versions 7.10.1.0 through 7.10.1.70, contain an Exposure of Sensitive Information to an Unauthorized Actor vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure.
|
2.7
|
|
| CVE-2025-46643 |
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.4.0.0, LTS2025 release version 8.3.1.10, LTS2024 release versions 7.13.1.0 through 7.13.1.40, LTS 2023 release versions 7.10.1.0 through 7.10.1.70, contain a Heap-based Buffer Overflow vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Denial of service.
|
2.3
|
|
Proprietary Code CVEs
|
Description
|
CVSS Base Score
|
CVSS Vector String
|
| CVE-2025-46645 |
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.4.0.0, LTS2025 release version 8.3.1.10, LTS2024 release versions 7.13.1.0 through 7.13.1.40, LTS 2023 release versions 7.10.1.0 through 7.10.1.70, contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution.
|
6.5
|
|
|
CVE-2025-46644
|
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.4.0.0, LTS2025 release version 8.3.1.10, LTS2024 release versions 7.13.1.0 through 7.13.1.40, LTS2023 release versions 7.10.1.0 through 7.10.1.70, contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution.
|
6.0
|
|
|
CVE-2025-46676
|
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.4.0.0, LTS2025 release version 8.3.1.10, LTS2024 release versions 7.13.1.0 through 7.13.1.40, LTS 2023 release versions 7.10.1.0 through 7.10.1.70, contain an Exposure of Sensitive Information to an Unauthorized Actor vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure.
|
2.7
|
|
| CVE-2025-46643 |
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.4.0.0, LTS2025 release version 8.3.1.10, LTS2024 release versions 7.13.1.0 through 7.13.1.40, LTS 2023 release versions 7.10.1.0 through 7.10.1.70, contain a Heap-based Buffer Overflow vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Denial of service.
|
2.3
|
Затронутые продукты и исправление
|
CVEs Addressed
|
Product
|
Software/Firmware
|
Affected Versions
|
Remediated Versions
|
Link
|
|
CVE-2024-38476, CVE-2024-38477, CVE-2023-38709, CVE-2025-48734, CVE-2025-48976, CVE-2025-48988, CVE-2025-49124, CVE-2025-49125, CVE-2025-46645, CVE-2025-46676
|
DD OS 8.5 |
Dell PowerProtect Data Domain series appliances, Data Domain Virtual Edition, Data Domain Management Center, and Dell APEX Protection Storage with Data Domain Operating System (DD OS) Feature Release
|
Versions 7.7.1.0 through 8.4.0.0
|
Version 8.5.0.0 or later
|
|
|
CVE-2024-38476, CVE-2024-38477, CVE-2023-38709, CVE-2025-48734, CVE-2025-48976, CVE-2025-48988, CVE-2025-49124, CVE-2025-49125, CVE-2025-46645, CVE-2025-46676
|
DD OS 8.3.1
|
Dell PowerProtect Data Domain series appliances, Data Domain Virtual Edition, Data Domain Management Center, and Dell APEX Protection Storage with Data Domain Operating System (DD OS) LTS2025 8.3.1
|
Versions 8.3.1.0 through 8.3.1.10
|
Version 8.3.1.20 or later
|
|
|
CVE-2024-38476, CVE-2024-38477, CVE-2023-38709, CVE-2025-48734, CVE-2025-48976, CVE-2025-48988, CVE-2025-49124, CVE-2025-49125, CVE-2025-46645, CVE-2025-46676
|
DD OS 7.13.1 |
Dell PowerProtect Data Domain series appliances, Data Domain Virtual Edition, Data Domain Management Center, and Dell APEX Protection Storage with Data Domain Operating System (DD OS) LTS2024 7.13.1
|
Versions 7.13.1.0 through 7.13.1.40
|
Version 7.13.1.50 or later
|
|
|
CVE-2024-38476, CVE-2024-38477, CVE-2023-38709, CVE-2025-48734, CVE-2025-48976, CVE-2025-48988, CVE-2025-49124, CVE-2025-49125, CVE-2025-46645, CVE-2025-46676
|
DD OS 7.10.1
|
Dell PowerProtect Data Domain series appliances, Data Domain Virtual Edition, Data Domain Management Center, and Dell APEX Protection Storage with Data Domain Operating System (DD OS) LTS2023 7.10.1
|
Versions 7.10.1.0 through 7.10.1.70
|
Version 7.10.1.80 or later
|
|
|
CVE-2025-27516, CVE-2025-0938, CVE-2025-46644, CVE-2025-46643
|
DD OS 8.5
|
Dell PowerProtect Data Domain series appliances, Data Domain Virtual Edition, and Dell APEX Protection Storage with Data Domain Operating System (DD OS) Feature Release
|
Versions 7.7.1.0 through 8.4.0.0
|
Version 8.5.0.0 or later
|
|
|
CVE-2025-27516, CVE-2025-46644, CVE-2025-46643
|
DD OS 8.3.1
|
Dell PowerProtect Data Domain series appliances, Data Domain Virtual Edition, and Dell APEX Protection Storage with Data Domain Operating System (DD OS) LTS2025 8.3.1
|
Versions 8.3.1.0 through 8.3.1.10
|
Version 8.3.1.20 or later
|
|
|
CVE-2025-27516, CVE-2025-0938, CVE-2025-46644, CVE-2025-46643
|
DD OS 7.13.1
|
Dell PowerProtect Data Domain series appliances, Data Domain Virtual Edition, and Dell APEX Protection Storage with Data Domain Operating System (DD OS) LTS2024 7.13.1
|
Versions 7.13.1.0 through 7.13.1.40
|
Version 7.13.1.50 or later
|
|
|
CVE-2025-27516, CVE-2025-46644, CVE-2025-46643
|
DD OS 7.10.1
|
Dell PowerProtect Data Domain series appliances, Data Domain Virtual Edition, and Dell APEX Protection Storage with Data Domain Operating System (DD OS) LTS2023 7.10.1
|
Versions 7.10.1.0 through 7.10.1.70
|
Version 7.10.1.80 or later
|
|
|
CVE-2024-8176
|
DD OS 8.5 |
Dell PowerProtect Data Domain Management Center with Data Domain Operating System (DD OS) Feature Release
|
Versions 7.7.1.0 through 8.4.0.0
|
Version 8.5.0.0 or later
|
|
|
CVE-2024-8176
|
DD OS 8.3.1 |
Dell PowerProtect Data Domain Management Center with Data Domain Operating System (DD OS) Feature Release LTS2025 8.3.1
|
Versions 8.3.1.0 through 8.3.1.10
|
Version 8.3.1.20 or later
|
|
|
CVE-2024-8176
|
DD OS 7.13.1
|
Dell PowerProtect Data Domain Management Center with Data Domain Operating System (DD OS) Feature Release LTS2024 7.13.1
|
Versions 7.13.1.0 through 7.13.1.40
|
Version 7.13.1.50 or later
|
|
|
CVE-2024-8176
|
DD OS 7.10.1
|
Dell PowerProtect Data Domain Management Center with Data Domain Operating System (DD OS) Feature Release LTS2023 7.10.1
|
Versions 7.10.1.0 through 7.10.1.70
|
Version 7.10.1.80 or later
|
|
CVEs Addressed
|
Product
|
Software/Firmware
|
Affected Versions
|
Remediated Versions
|
Link
|
|
CVE-2024-38476, CVE-2024-38477, CVE-2023-38709, CVE-2025-48734, CVE-2025-48976, CVE-2025-48988, CVE-2025-49124, CVE-2025-49125, CVE-2025-46645, CVE-2025-46676
|
DD OS 8.5 |
Dell PowerProtect Data Domain series appliances, Data Domain Virtual Edition, Data Domain Management Center, and Dell APEX Protection Storage with Data Domain Operating System (DD OS) Feature Release
|
Versions 7.7.1.0 through 8.4.0.0
|
Version 8.5.0.0 or later
|
|
|
CVE-2024-38476, CVE-2024-38477, CVE-2023-38709, CVE-2025-48734, CVE-2025-48976, CVE-2025-48988, CVE-2025-49124, CVE-2025-49125, CVE-2025-46645, CVE-2025-46676
|
DD OS 8.3.1
|
Dell PowerProtect Data Domain series appliances, Data Domain Virtual Edition, Data Domain Management Center, and Dell APEX Protection Storage with Data Domain Operating System (DD OS) LTS2025 8.3.1
|
Versions 8.3.1.0 through 8.3.1.10
|
Version 8.3.1.20 or later
|
|
|
CVE-2024-38476, CVE-2024-38477, CVE-2023-38709, CVE-2025-48734, CVE-2025-48976, CVE-2025-48988, CVE-2025-49124, CVE-2025-49125, CVE-2025-46645, CVE-2025-46676
|
DD OS 7.13.1 |
Dell PowerProtect Data Domain series appliances, Data Domain Virtual Edition, Data Domain Management Center, and Dell APEX Protection Storage with Data Domain Operating System (DD OS) LTS2024 7.13.1
|
Versions 7.13.1.0 through 7.13.1.40
|
Version 7.13.1.50 or later
|
|
|
CVE-2024-38476, CVE-2024-38477, CVE-2023-38709, CVE-2025-48734, CVE-2025-48976, CVE-2025-48988, CVE-2025-49124, CVE-2025-49125, CVE-2025-46645, CVE-2025-46676
|
DD OS 7.10.1
|
Dell PowerProtect Data Domain series appliances, Data Domain Virtual Edition, Data Domain Management Center, and Dell APEX Protection Storage with Data Domain Operating System (DD OS) LTS2023 7.10.1
|
Versions 7.10.1.0 through 7.10.1.70
|
Version 7.10.1.80 or later
|
|
|
CVE-2025-27516, CVE-2025-0938, CVE-2025-46644, CVE-2025-46643
|
DD OS 8.5
|
Dell PowerProtect Data Domain series appliances, Data Domain Virtual Edition, and Dell APEX Protection Storage with Data Domain Operating System (DD OS) Feature Release
|
Versions 7.7.1.0 through 8.4.0.0
|
Version 8.5.0.0 or later
|
|
|
CVE-2025-27516, CVE-2025-46644, CVE-2025-46643
|
DD OS 8.3.1
|
Dell PowerProtect Data Domain series appliances, Data Domain Virtual Edition, and Dell APEX Protection Storage with Data Domain Operating System (DD OS) LTS2025 8.3.1
|
Versions 8.3.1.0 through 8.3.1.10
|
Version 8.3.1.20 or later
|
|
|
CVE-2025-27516, CVE-2025-0938, CVE-2025-46644, CVE-2025-46643
|
DD OS 7.13.1
|
Dell PowerProtect Data Domain series appliances, Data Domain Virtual Edition, and Dell APEX Protection Storage with Data Domain Operating System (DD OS) LTS2024 7.13.1
|
Versions 7.13.1.0 through 7.13.1.40
|
Version 7.13.1.50 or later
|
|
|
CVE-2025-27516, CVE-2025-46644, CVE-2025-46643
|
DD OS 7.10.1
|
Dell PowerProtect Data Domain series appliances, Data Domain Virtual Edition, and Dell APEX Protection Storage with Data Domain Operating System (DD OS) LTS2023 7.10.1
|
Versions 7.10.1.0 through 7.10.1.70
|
Version 7.10.1.80 or later
|
|
|
CVE-2024-8176
|
DD OS 8.5 |
Dell PowerProtect Data Domain Management Center with Data Domain Operating System (DD OS) Feature Release
|
Versions 7.7.1.0 through 8.4.0.0
|
Version 8.5.0.0 or later
|
|
|
CVE-2024-8176
|
DD OS 8.3.1 |
Dell PowerProtect Data Domain Management Center with Data Domain Operating System (DD OS) Feature Release LTS2025 8.3.1
|
Versions 8.3.1.0 through 8.3.1.10
|
Version 8.3.1.20 or later
|
|
|
CVE-2024-8176
|
DD OS 7.13.1
|
Dell PowerProtect Data Domain Management Center with Data Domain Operating System (DD OS) Feature Release LTS2024 7.13.1
|
Versions 7.13.1.0 through 7.13.1.40
|
Version 7.13.1.50 or later
|
|
|
CVE-2024-8176
|
DD OS 7.10.1
|
Dell PowerProtect Data Domain Management Center with Data Domain Operating System (DD OS) Feature Release LTS2023 7.10.1
|
Versions 7.10.1.0 through 7.10.1.70
|
Version 7.10.1.80 or later
|
- PowerProtect Data Domain: Software Versions : This KB article provides the status of the current active PowerProtect Data Domain Operating System (DD OS) releases, along with links to the release notes. (Requires support.dell.com login to view article).
- For instructions on how to upgrade Data Domain Operating System (DD OS), see Data Domain and DDVE: How to Upgrade the Data Domain Operating System
- Some security scanners may still report False Positive findings after upgrading to remediated DDOS versions. For more details, please refer to the respective False Positive KB articles:
-
- Dell PowerProtect Data Domain False Positive Security Vulnerabilities for DD OS 8.5
- Dell PowerProtect Data Domain False Positive Security Vulnerabilities for DDOS 8.3
- Dell Data Domain False Positive Security Vulnerabilities for DDOS 7.13
- Dell Data Domain False Positive Security Vulnerabilities for DDOS 7.10
История изменений
|
Revision
|
Date
|
Description
|
|
1.0
|
2025-19-12
|
Initial Release
|
|
2.0
|
2025-22-12
|
Minor Update: typo in the title was corrected
|
|
3.0
|
2026-05-01
|
Updated for enhanced presentation with no changes to content
|
Связанная информация
Правовая оговорка
Затронутые продукты
DD3300 Appliance, Data Domain Deduplication Storage Systems, Data Domain Virtual Edition, DD6300 Appliance, DD6400 Appliance, DD6410 Appliance, DD6900 Appliance, DD9400 Appliance, DD9410 Appliance, DD9900 Appliance, DD9910 Appliance
, DD9910F Appliance
...
Свойства статьи
Номер статьи: 000405813
Тип статьи: Dell Security Advisory
Последнее изменение: 05 Jan 2026
Получите ответы на свои вопросы от других пользователей Dell
Услуги технической поддержки
Проверьте, распространяются ли на ваше устройство услуги технической поддержки.