Impact
Dell PowerProtect Data Domain suffers from a path traversal flaw (CWE-22). A local attacker with high privileges can read or expose sensitive data by manipulating pathnames so that they resolve outside the intended directories. The vulnerability can leak confidential information but does not allow code execution or denial of service.
Affected Systems
The affected releases are Dell PowerProtect Data Domain versions 7.7.1.0 through 8.6, LTS2026 release versions 8.6.1.0 through 8.6.1.10, LTS2025 release versions 8.3.1.0 through 8.3.1.30, and LTS2024 release versions 7.13.1.0 through 7.13.1.70.
Risk and Exploitability
The CVSS score is 2.3, reflecting a low severity. The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog. Exploitation requires local, high-privileged access, which makes remote exploitation less likely, but the flaw remains relevant in environments that are already compromised.