Vulnerability Details CVE-2025-36594
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release versions 7.10.1.0 through 7.10.1.60, contain an Authentication Bypass by Spoofing vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Protection mechanism bypass. Remote unauthenticated user can create account that potentially expose customer info, affect system integrity and availability.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 54.1%
CVSS Severity
CVSS v3 Score 9.8
Products affected by CVE-2025-36594
-
cpe:2.3:o:dell:data_domain_operating_system:7.10.1.0
-
cpe:2.3:o:dell:data_domain_operating_system:7.10.1.30
-
cpe:2.3:o:dell:data_domain_operating_system:7.10.1.40
-
cpe:2.3:o:dell:data_domain_operating_system:7.10.1.50
-
cpe:2.3:o:dell:data_domain_operating_system:7.10.1.60
-
cpe:2.3:o:dell:data_domain_operating_system:7.13.1.0
-
cpe:2.3:o:dell:data_domain_operating_system:7.13.1.10
-
cpe:2.3:o:dell:data_domain_operating_system:7.13.1.20
-
cpe:2.3:o:dell:data_domain_operating_system:7.7.1.0
-
cpe:2.3:o:dell:data_domain_operating_system:7.7.5.40
-
cpe:2.3:o:dell:data_domain_operating_system:7.7.5.50
-
cpe:2.3:o:dell:data_domain_operating_system:7.8.0.0
-
cpe:2.3:o:dell:data_domain_operating_system:8.0.0.0
-
cpe:2.3:o:dell:data_domain_operating_system:8.1.0.0
-
cpe:2.3:o:dell:data_domain_operating_system:8.1.0.10
-
cpe:2.3:o:dell:data_domain_operating_system:8.3.0.0
-
cpe:2.3:o:dell:data_domain_operating_system:8.3.0.10
-
cpe:2.3:o:dell:data_domain_operating_system:8.3.0.15