CVE-2025-46605
Session Fixation in Dell PowerProtect DD OS Enables Unauthorized Access
Publication date: 2026-04-17
Last updated on: 2026-04-17
Assigner: Dell
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| dell | powerprotect_data_domain | From 8.4 (inc) to 8.5 (inc) |
| dell | data_domain_operating_system | From 8.4 (inc) to 8.5 (inc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-384 | Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a session fixation issue found in Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) versions 8.4 through 8.5. It allows a highly privileged attacker with remote access to potentially exploit the system by fixing a session ID, which could lead to unauthorized access.
How can this vulnerability impact me?
An attacker with high privileges and remote access could gain unauthorized access to the system. This could compromise the confidentiality and integrity of data and, to a lesser extent, affect availability.