Impact
The vulnerability is an improper link resolution before file access that allows a high‑privileged local attacker to access files they normally would not be able to reach, leading to potential information exposure. This flaw corresponds to CWE‑59 and is reported with a moderate CVSS score of 4.4, indicating a moderate severity impact under the conditions described. The advisory does not list an EPSS score and the vulnerability is not in the CISA KEV catalog, suggesting limited publicly known exploitation at this time.
Affected Systems
Dell PowerProtect Data Domain appliances running versions 7.7.1.0 through 8.7, as well as the LTS2026 releases 8.6.1.0 through 8.6.1.10, LTS2025 releases 8.3.1.0 through 8.3.1.30, and LTS2024 releases 7.13.1.0 through 7.13.1.70 are affected.
Risk and Exploitability
The CVSS score of 4.4 signals a moderate risk; the lack of an EPSS score means the exploitation probability is uncertain, though the attack requires local high‑privilege access. Because it is not listed in KEV, there is no evidence of current exploitation. The threat exists primarily to systems that are locally accessible to privileged users, so restricting such access or applying the patch mitigates the risk.
OpenCVE Enrichment