Impact
The vulnerability is a use of less trusted source (CWE‑348) in Dell PowerProtect Data Domain software. A remote attacker with high privileges can supply untrusted input that the system later treats as trustworthy, enabling the attacker to tamper with stored information. This can compromise the integrity of backed‑up data and potentially affect recovery operations.
Affected Systems
Affected products are Dell PowerProtect Data Domain. The vulnerability exists in versions 7.7.1.0 through 8.7, in L.6.1.0 through 8.6.1.10, in LTS2025 releases 8.3.1.0 through 8.3.1.30, and in LTS2024 releases 7.13.1.0 through 7.13.1.70.
Risk and Exploitability
The CVSS score of 2.7 indicates low overall severity. Because the exploit requires high privileged remote access to the appliance, the likelihood of exploitation is low, and the vulnerability is not listed in CISA KEV. Attackers would need to compromise an account with administrative rights and submit malicious input to the system. With no public exploits reported, the immediate threat level is moderate, but organizations should still apply the available update.
OpenCVE Enrichment