CVE-2025-36594
BaseFortify
Publication date: 2025-08-04
Last updated on: 2025-10-16
Assigner: Dell
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| dell | data_domain_operating_system | From 7.7.1.0 (inc) to 7.10.1.70 (exc) |
| dell | data_domain_operating_system | From 7.13.1.0 (inc) to 7.13.1.30 (exc) |
| dell | data_domain_operating_system | From 8.0.0.0 (inc) to 8.3.1.0 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-290 | This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an Authentication Bypass by Spoofing in Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) across multiple versions. It allows a remote, unauthenticated attacker to bypass protection mechanisms by spoofing authentication, potentially creating accounts without proper authorization.
How can this vulnerability impact me? :
An attacker exploiting this vulnerability could create unauthorized accounts, potentially exposing customer information and compromising system integrity and availability. This could lead to data breaches, loss of system control, and service disruptions.