Impact
This vulnerability allows a local attacker with high privileges to exploit improper link resolution before file access. The flaw is triggered by manipulating symbolic or hard links that are resolved before a file is accessed, enabling unauthorized reading or modification of protected files. The weakness directly matches CWE-59 (Improper Handling of a Relative Pathname), which can lead to data compromise.
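The general defensive pattern against this class of flaw, as an added example (not Dell's code and not part of the advisory): open each path component without following links, then validate the opened descriptor rather than the name. The names `open_no_links` and `LinkRejected` are hypothetical, and `base_dir` is assumed to be a trusted directory that only administrators control.

```python
import errno
import os
import stat
import tempfile

class LinkRejected(Exception):
    """A path component is a symlink, or the target has extra hard links."""

def _open_component(name, extra_flags, dir_fd):
    flags = os.O_RDONLY | os.O_NOFOLLOW | os.O_CLOEXEC | extra_flags
    try:
        return os.open(name, flags, dir_fd=dir_fd)
    except OSError as exc:
        # ELOOP (Linux, macOS), EMLINK (FreeBSD), ENOTDIR (symlink + O_DIRECTORY)
        if exc.errno in (errno.ELOOP, errno.EMLINK, errno.ENOTDIR):
            raise LinkRejected(f"link or non-directory at {name!r}") from exc
        raise

def open_no_links(base_dir, relative_path):
    """Open base_dir/relative_path read-only; O_NOFOLLOW refuses any symlink."""
    parts = [p for p in relative_path.split("/") if p]
    if not parts or any(p in (".", "..") for p in parts):
        raise LinkRejected("empty or non-canonical path")
    dir_fd = os.open(base_dir, os.O_RDONLY | os.O_DIRECTORY | os.O_CLOEXEC)
    try:
        # Walk one component at a time, each relative to the parent descriptor.
        for name in parts[:-1]:
            next_fd = _open_component(name, os.O_DIRECTORY, dir_fd)
            os.close(dir_fd)
            dir_fd = next_fd
        fd = _open_component(parts[-1], os.O_NONBLOCK, dir_fd)
    finally:
        os.close(dir_fd)
    # Check the opened descriptor, not the name, so nothing can be swapped in
    # between the check and the use.
    info = os.fstat(fd)
    if not stat.S_ISREG(info.st_mode) or info.st_nlink != 1:
        os.close(fd)
        raise LinkRejected("not a regular file with exactly one link")
    return fd

if __name__ == "__main__":
    base = tempfile.mkdtemp()  # constructed sample tree
    open(os.path.join(base, "real.txt"), "w").close()
    os.symlink("real.txt", os.path.join(base, "sym.txt"))
    os.close(open_no_links(base, "real.txt"))  # accepted
    try:
        open_no_links(base, "sym.txt")
    except LinkRejected as exc:
        print("rejected:", exc)
```

Rejecting every file with a link count above one is strict; a service that legitimately hard-links its own files would need an ownership check in place of the `st_nlink` test.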
Affected Systems
Dell PowerProtect Data Domain appliances running versions 7.7.1.0 through 8.6, or the LTS2026 release series 8.6.1.0 through 8.6.1.10, the LTS2025 series 8.3.1.0 through 8.3.1.30, or the LTS2024 series 7.13.1.0 through 7.13.1.70 are affected.
Risk and Exploitability
The CVSS score of 4.4 indicates moderate severity, and there is no EPSS data or KEV listing, suggesting limited public exploitation. However, the flaw requires high-privileged local access, making remote compromise unlikely unless an attacker gains local credentials or physical access. An attacker with such privileges could manipulate link resolution to access or change protected files.