Dell


Products by Dell Sorted by Most Security Vulnerabilities since 2018

Dell Emc Powerscale Onefs: 75 vulnerabilities
Dell Powerscale Onefs: 74 vulnerabilities
Dell Wyse Management Suite: 48 vulnerabilities
Dell Smartfabric Os10: 31 vulnerabilities
Dell Bsafe Micro Edition Suite: 28 vulnerabilities
Dell Secure Connect Gateway: 26 vulnerabilities
Dell Unity: 26 vulnerabilities
Dell Bsafe Ssl J: 18 vulnerabilities
Dell Emc Networker: 17 vulnerabilities
Dell Cloudlink: 16 vulnerabilities
Dell Powerprotect Data Manager: 14 vulnerabilities
Dell Powermax Os: 14 vulnerabilities
Dell Alienware Command Center: 12 vulnerabilities
Dell Openmanage Enterprise: 12 vulnerabilities
Dell Elastic Cloud Storage: 11 vulnerabilities
Dell Bsafe Crypto J: 10 vulnerabilities
Dell Command Update: 10 vulnerabilities
Dell Hybrid Client: 10 vulnerabilities
Dell Networking Os10: 9 vulnerabilities
Dell Supportassist: 8 vulnerabilities
Dell Controlvault3: 8 vulnerabilities
Dell Digital Delivery: 8 vulnerabilities
Dell Insightiq: 8 vulnerabilities
Dell Alienware Update: 7 vulnerabilities
Dell Networker: 7 vulnerabilities
Dell Thinos: 6 vulnerabilities
Dell Repository Manager: 6 vulnerabilities
Dell Display Manager: 6 vulnerabilities
Dell Emc Appsync: 6 vulnerabilities
Dell Storage Manager: 6 vulnerabilities
Dell Update: 6 vulnerabilities
Dell Appsync: 5 vulnerabilities
Dell Powerstoreos: 5 vulnerabilities
Dell Command Monitor: 5 vulnerabilities
Dell Data Lakehouse: 5 vulnerabilities
Dell Enterprise Sonic Os: 5 vulnerabilities
Dell Power Manager: 5 vulnerabilities
Dell Encryption: 5 vulnerabilities
Dell Unisphere For Powermax: 5 vulnerabilities
Dell Solutions Enabler: 5 vulnerabilities
Dell Avamar Server: 4 vulnerabilities
Dell Rugged Control Center: 4 vulnerabilities
Dell Commandconfigure: 4 vulnerabilities
Dell Common Event Enabler: 4 vulnerabilities
Dell Unisphere 360: 4 vulnerabilities
Dell Peripheral Manager: 4 vulnerabilities

Known Exploited Dell Vulnerabilities

The following Dell vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.

Title: Dell dbutil Driver Insufficient Access Control Vulnerability
Description: Dell dbutil driver contains an insufficient access control vulnerability which may lead to escalation of privileges, denial-of-service, or information disclosure.
CVE: CVE-2021-21551 (Exploit Probability: 58.1%)
Added: March 31, 2022

The vulnerability CVE-2021-21551: Dell dbutil Driver Insufficient Access Control Vulnerability is in the top 5% of the currently known exploitable vulnerabilities.

By the Year

In 2025 there have been 197 vulnerabilities in Dell with an average score of 6.8 out of ten. Last year, in 2024, Dell had 218 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, the number of security vulnerabilities in Dell in 2025 could surpass last year's number. Last year, the average CVE base score was greater by 0.31.




Year Vulnerabilities Average Score
2025 197 6.77
2024 218 7.08
2023 164 6.96
2022 124 7.21
2021 139 6.94
2020 34 7.38
2019 52 7.34
2018 57 7.21

It may take a day or so for new Dell vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Dell Security Vulnerabilities

CVE Date Vulnerability Products
CVE-2025-31649 Nov 17, 2025
Hard-Coded Password in Dell ControlVault3 API (5.15.14.19 / 6.2.36.47) A hard-coded password vulnerability exists in the ControlVault WBDI Driver functionality of Dell ControlVault3 prior to 5.15.14.19 and Dell ControlVault3 Plus prior to 6.2.36.47. A specially crafted ControlVault API call can lead to execution of a privileged operation. An attacker can issue an API call to trigger this vulnerability.
Controlvault3
CVE-2025-31361 Nov 17, 2025
Privilege Escalation via Dell ControlVault3 WBDI Driver pre5.15.14.19 / pre6.2.36.47 A privilege escalation vulnerability exists in the ControlVault WBDI Driver WBIO_USH_ADD_RECORD functionality of Dell ControlVault3 prior to 5.15.14.19 and Dell ControlVault3 Plus prior to 6.2.36.47. A specially crafted WinBioControlUnit call can lead to privilege escalation. An attacker can issue an API call to trigger this vulnerability.
Controlvault3
CVE-2025-36463 Nov 17, 2025
Dell ControlVault3 OOB Read/Write via WinBioControlUnit pre-5.15.14.19 Multiple out-of-bounds read and write vulnerabilities exist in the ControlVault WBDI Driver Broadcom Storage Adapter functionality of Dell ControlVault3 prior to 5.15.14.19 and Dell ControlVault3 Plus prior to 6.2.36.47. A specially crafted WinBioControlUnit call can lead to memory corruption. An attacker can issue an API call to trigger this vulnerability. This vulnerability is triggered when submitting a `WinBioControlUnit` call to the StorageAdapter with the ControlCode 4 (`WBIO_USH_ADD_RECORD`) and with an invalid `SendBufferSize`.
Controlvault3
CVE-2025-36462 Nov 17, 2025
Dell ControlVault3/3+ OOB via WBDI Driver before 5.15.14.19 Multiple out-of-bounds read and write vulnerabilities exist in the ControlVault WBDI Driver Broadcom Storage Adapter functionality of Dell ControlVault3 prior to 5.15.14.19 and Dell ControlVault3 Plus prior to 6.2.36.47. A specially crafted WinBioControlUnit call can lead to memory corruption. An attacker can issue an API call to trigger this vulnerability. This vulnerability is triggered when submitting a `WinBioControlUnit` call to the StorageAdapter with the ControlCode 3 (`WBIO_USH_CREATE_CHALLENGE`) with an invalid `ReceiveBuferSize`.
Controlvault3
CVE-2025-36461 Nov 17, 2025
Dell ControlVault3 Prior <5.15.14.19 OOBRead/Write in WBDI Driver Multiple out-of-bounds read and write vulnerabilities exist in the ControlVault WBDI Driver Broadcom Storage Adapter functionality of Dell ControlVault3 prior to 5.15.14.19 and Dell ControlVault3 Plus prior to 6.2.36.47. A specially crafted WinBioControlUnit call can lead to memory corruption. An attacker can issue an API call to trigger this vulnerability. This vulnerability is triggered when submitting a `WinBioControlUnit` call to the StorageAdapter with the ControlCode 0 (`WBIO_USH_GET_TEMPLATE`) and with an invalid `ReceiveBuferSize` and/or an invalid `SendBufferSize`.
Controlvault3
CVE-2025-36460 Nov 17, 2025
Dell ControlVault WBDI OOB Read/Write (5.15.14.19) Multiple out-of-bounds read and write vulnerabilities exist in the ControlVault WBDI Driver Broadcom Storage Adapter functionality of Dell ControlVault3 prior to 5.15.14.19 and Dell ControlVault3 Plus prior to 6.2.36.47. A specially crafted WinBioControlUnit call can lead to memory corruption. An attacker can issue an API call to trigger this vulnerability. This vulnerability is triggered when submitting a `WinBioControlUnit` call to the StorageAdapter with the ControlCode 2 (`WBIO_USH_GET_IDENTITY`) with an improper `ReceiveBuferSize` value.
Controlvault3
CVE-2025-32089 Nov 17, 2025
Dell ControlVault3/Plus Buffer Overflow CVE-2025-32089 A buffer overflow vulnerability exists in the CvManager_SBI functionality of Dell ControlVault3 prior to 5.15.14.19 and Dell ControlVault3 Plus prior to 6.2.36.47. A specially crafted ControlVault API call can lead to arbitrary code execution. An attacker can issue an API call to trigger this vulnerability.
Controlvault3
CVE-2025-36553 Nov 17, 2025
Dell ControlVault3 CVE-2025-36553 Buffer Overflow in CvManager <5.15.14.19/6.2.36.47 A buffer overflow vulnerability exists in the CvManager functionality of Dell ControlVault3 prior to 5.15.14.19 and Dell ControlVault3 Plus prior to 6.2.36.47. A specially crafted ControlVault API call can lead to memory corruption. An attacker can issue an API call to trigger this vulnerability.
Controlvault3
CVE-2025-46369 Nov 13, 2025
Dell Alienware Command Center 6.x (pre 6.10.15.0) Insecure Temp File Priv Esc Dell Alienware Command Center 6.x (AWCC), versions prior to 6.10.15.0, contains an Insecure Temporary File vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Privilege Escalation.
Alienware Command Center
CVE-2025-46370 Nov 13, 2025
Dell Alienware Command Center <6.10.15 Info Disclosure via Local Process Control Dell Alienware Command Center 6.x (AWCC), versions prior to 6.10.15.0, contain a Process Control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information Disclosure.
Alienware Command Center
CVE-2025-46362 Nov 13, 2025
Dell AWCC 6.x Improper Access Control Info Tampering (fixed 6.10.15.0) Dell Alienware Command Center 6.x (AWCC), versions prior to 6.10.15.0, contain an Improper Access Control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information Tampering.
Alienware Command Center
CVE-2025-46368 Nov 13, 2025
Insecure Temporary File in Dell Alienware Command Center <6.10.15.0 Dell Alienware Command Center 6.x (AWCC), versions prior to 6.10.15.0, contains an Insecure Temporary File vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information tampering.
Alienware Command Center
CVE-2025-46367 Nov 13, 2025
Dell AWCC 6.x <6.10.15.0: Detection of Error Cond VULN APE Dell Alienware Command Center 6.x (AWCC), versions prior to 6.10.15.0, contain a Detection of Error Condition Without Action vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Arbitrary Code Execution.
Alienware Command Center
CVE-2025-46608 Nov 12, 2025
Dell Data Lakehouse Improper Access Control <1.6.0.0 Dell Data Lakehouse, versions prior to 1.6.0.0, contain(s) an Improper Access Control vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Elevation of privileges. This vulnerability is considered Critical, as it may result in unauthorized access with elevated privileges, compromising system integrity and customer data. Dell recommends customers upgrade to the latest version at the earliest opportunity.
Data Lakehouse
CVE-2025-46427 Nov 12, 2025
Dell SmartFabric OS10 <10.6.1.0 Command Injection (CVE-2025-46427) Dell SmartFabric OS10 Software, versions prior to 10.6.1.0, contain an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution.
Smartfabric Os10
CVE-2025-46428 Nov 12, 2025
Dell SmartFabric OS10: CmdInjection via Improper Neutralization (v<10.6.1.0) Dell SmartFabric OS10 Software, versions prior to 10.6.1.0, contain an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Code execution.
Smartfabric Os10
CVE-2024-48829 Nov 12, 2025
Dell SmartFabric OS10 <10.6.1.0 Code Injection Vulnerability Dell SmartFabric OS10 Software, versions prior to 10.6.1.0, contain an Improper Control of Generation of Code ('Code Injection') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution.
Smartfabric Os10
CVE-2025-43723 Nov 10, 2025
Dell OneFS <9.10.1.3 / 9.1112 risky crypto Info Disclosure Dell PowerScale OneFS, versions prior to 9.10.1.3 and versions 9.11.0.0 through 9.12.0.0, contains a use of a broken or risky cryptographic algorithm vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure.
Powerscale Onefs
CVE-2025-46430 Nov 10, 2025
Dell Display & Peripheral Manager 2.1.2.12 Installer Elevates Privileges Dell Display and Peripheral Manager, versions prior to 2.1.2.12, contains an Execution with Unnecessary Privileges vulnerability in the Installer. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges.
CVE-2025-22397 Nov 06, 2025
Dell Remote Access Controller 9/10 Path Traversal <8.0.0.181/1.20.25.0 Dell Integrated Dell Remote Access Controller 9, 14G versions prior to 7.00.00.181, 15G and 16G versions 6.10.80.00 through 7.20.10.50 and Dell Integrated Dell Remote Access Controller 10, 17G versions prior to 1.20.25.00, contain an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access.
Remote Access Controller
CVE-2025-43990 Nov 05, 2025
Dell Command Monitor (DCM) Low-Privilege Local Priv Escalation prior to 10.12.3.28 Dell Command Monitor (DCM), versions prior to 10.12.3.28, contains an Execution with Unnecessary Privileges vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges.
Command Monitor
CVE-2025-46366 Nov 05, 2025
Dell CloudLink 8.1.1 CVE-2025-46366: Privileged Escalation & DB Access Dell CloudLink, versions prior to 8.1.1, contain a vulnerability where a privileged user may exploit and gain parallel privilege escalation or access to the database to obtain confidential information.
Cloudlink
CVE-2025-46424 Nov 05, 2025
Dell CloudLink <8.2 CRYPTO Primitive Risky Impl. DoS Dell CloudLink, versions prior to 8.2, contain use of a Cryptographic Primitive with a Risky Implementation vulnerability. A high privileged attacker could potentially exploit this vulnerability leading to Denial of service.
Cloudlink
CVE-2025-46365 Nov 05, 2025
Dell CloudLink <8.1.1 Authenticated Command Injection Vulnerability Dell CloudLink, versions prior to 8.1.1, contain a Command Injection vulnerability which can be exploited by an Authenticated attacker to cause Command Injection on an affected Dell CloudLink.
Cloudlink
CVE-2025-46364 Nov 05, 2025
Dell CloudLink 8.1.1 CLI Escape Vulnerability Privileged User Dell CloudLink, versions prior to 8.1.1, contain a vulnerability where a privileged user with a known password can exploit a CLI escape vulnerability to gain control of the system.
Cloudlink
CVE-2025-45379 Nov 05, 2025
Dell CloudLink <=8.1: Privileged Command Injection via Console Dell CloudLink, versions prior to 8.2, contain a vulnerability where a privileged user with a known password can perform command injection from the console to gain shell access to the system.
Cloudlink
CVE-2025-30479 Nov 05, 2025
Dell CloudLink <8.2 Command Injection via Privileged User Dell CloudLink, versions prior to 8.2, contain a vulnerability where a privileged user with a known password can perform command injection to gain control of the system.
Cloudlink
CVE-2025-45378 Nov 05, 2025
Dell CloudLink 8.0-8.1.2 Restricted Shell Privilege Escalation Dell CloudLink, versions 8.0 through 8.1.2, contain a vulnerability in the restricted shell. A privileged user with a known password can break into the command shell of the CloudLink server, gain access to the shell, escalate privileges, and gain unauthorized access to the system. If SSH is enabled with the web credentials of the server, the attack is possible over the network with a known privileged user/password.
Cloudlink
CVE-2025-36592 Oct 30, 2025
Dell Secure Connect Gateway SCG 5.205.28 XSS Vulnerability Dell Secure Connect Gateway (SCG) Policy Manager, version(s) 5.20, 5.22, 5.24, 5.26, 5.28, contain(s) an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Script injection.
Secure Connect Gateway Scg Policy Manager
CVE-2025-46363 Oct 30, 2025
Relative Path Traversal in Dell SCG 5.26-5.30 via Internal REST API Dell Secure Connect Gateway (SCG) 5.0 Application and Appliance version(s) 5.26.00.00 - 5.30.00.00, contain a Relative Path Traversal vulnerability in the SCG exposed for an internal collection download REST API (if this REST API is enabled by Admin user from UI). A low privileged attacker with remote access could potentially exploit this vulnerability, leading to allowing relative path traversal to restricted resources.
Secure Connect Gateway Scg 5 0 Application Appliance
CVE-2025-43942 Oct 30, 2025
Dell Unity 5.5 and prior OS Command Injection Vulnerability Dell Unity, version(s) 5.5 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution and Elevation of privileges.
Unity
CVE-2025-46422 Oct 30, 2025
Dell Unity 5.5 OS Command Injection: local lowpriv admin can gain root Dell Unity, version(s) 5.5 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability to execute arbitrary commands with root privileges.
Unity
CVE-2025-46423 Oct 30, 2025
Dell Unity 5.5 and prior OS Command Injection Dell Unity, version(s) 5.5 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability to execute arbitrary commands with root privileges.
Unity
CVE-2025-43939 Oct 30, 2025
Dell Unity 5.4 OS Cmd Injection Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution and Elevation of privileges.
Unity
CVE-2025-43940 Oct 30, 2025
OS Command Injection in Dell Unity 5.5 and Earlier Causes Privilege Escalation Dell Unity, version(s) 5.5 and Prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution and Elevation of privileges.
Unity
CVE-2025-43941 Oct 30, 2025
Dell Unity 5.5 and Prior: OS Command Injection (adminless) Dell Unity, version(s) 5.5 and Prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability to execute arbitrary command with root privileges. This vulnerability only affects systems without a valid license install.
Unity
CVE-2025-46602 Oct 27, 2025
Dell SupportAssist OS Recovery <5.5.15.0: Sensitive File Leak Info Exposure Dell SupportAssist OS Recovery, versions prior to 5.5.15.0, contain an Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information exposure.
Supportassist Os Recovery
CVE-2025-43994 Oct 24, 2025
Missing Auth in Dell Storage Manager DSM 20.1.21 Leaks Info Dell Storage Center - Dell Storage Manager, version(s) DSM 20.1.21, contain(s) a Missing Authentication for Critical Function vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure.
Dell Storage Manager
CVE-2025-43995 Oct 24, 2025
Unauthorized Access Vulnerability in Dell Storage Manager 20.1.21 (ApiProxy.war) Dell Storage Center - Dell Storage Manager, version(s) 20.1.21, contain(s) an Improper Authentication vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Protection mechanism bypass. Authentication Bypass in DSM Data Collector. An unauthenticated remote attacker can access APIs exposed by ApiProxy.war in DataCollectorEar.ear by using a special SessionKey and UserId. These userid are special users created in compellentservicesapi for special purposes.
Dell Storage Manager
CVE-2025-46425 Oct 24, 2025
Dell Storage Manager 20.1.20 XXE Vulnerability (Unauthorized Access) Dell Storage Center - Dell Storage Manager, version(s) 20.1.20, contain(s) an Improper Restriction of XML External Entity Reference vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access.
Dell Storage Manager
Storage Manager
CVE-2025-43991 Oct 13, 2025
Symlink Follow in Dell SupportAssist <=4.8.2 Home / <=4.5.3 Biz, File Delete SupportAssist for Home PCs versions 4.8.2 and prior and SupportAssist for Business PCs versions 4.5.3 and prior, contain a UNIX Symbolic Link (Symlink) following vulnerability. A low privileged attacker with local access to the system could potentially exploit this vulnerability to delete arbitrary files only in that affected system.
Supportassist For Home Pcs
Supportassist For Business Pcs
Supportassist
And others...
CVE-2025-43724 Oct 08, 2025
Dell PowerScale OneFS <9.12.0.0: Auth Bypass via User-Key Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an authorization bypass through user-controlled key vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability to gain unauthorized access to NFSv4 or SMB shares.
Powerscale Onefs
CVE-2025-36565 Oct 07, 2025
Dell PowerProtect DD OS <7.7.1.0-8.1.0.10, 7.13.1.025, 7.10.1.050: Arg Injection for Local Priv Esca Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release versions 7.10.1.0 through 7.10.1.50, contain an Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary command execution. Exploitation may allow privilege escalation to root.
Data Domain Operating System
CVE-2025-36566 Oct 07, 2025
Dell PowerProtect DataDomain OS Cmd Inject 7.7.1.0-8.1.0.10 Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release versions 7.10.1.0 through 7.10.1.50, contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary command execution. Exploitation may allow privilege escalation to root.
Data Domain Operating System
CVE-2025-36569 Oct 07, 2025
OS Command Injection in Dell PowerProtect DataDomain OS (7.78.1) Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release versions 7.10.1.0 through 7.10.1.50, contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability to execute arbitrary commands with root privileges.
Data Domain Operating System
CVE-2025-36567 Oct 07, 2025
OS Command Injection in Dell PowerProtect Data Domain 7.7.1.0-8.1.0.10 & 7.10-7.13 Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release versions 7.10.1.0 through 7.10.1.50, contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary command execution. Exploitation may allow privilege escalation to root.
Data Domain Operating System
CVE-2025-43727 Oct 07, 2025
Dell PowerProtect Data Domain DD OS <8.1 Unauth Auth Alg in RESTAPI Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release versions 7.10.1.0 through 7.10.1.50, contain an incorrect Implementation of Authentication Algorithm vulnerability in the RestAPI. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access.
Data Domain Operating System
CVE-2025-43910 Oct 07, 2025
Dell PowerProtect Data Domain DD OS Stack Buffer Overflow in DDSH CLI (DoS) Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2025 release version 8.3.1.0, LTS2024 release versions 7.13.1.0 through 7.13.1.30, LTS 2023 release versions 7.10.1.0 through 7.10.1.60, contain a Stack-based Buffer Overflow vulnerability in the DDSH CLI. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Denial of service.
Data Domain Operating System
CVE-2025-43909 Oct 07, 2025
Dell PowerProtect Data Domain DD OS 7.7.1-8.3.1 Risky Crypto Alg. in DD Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2025 release version 8.3.1.0, LTS2024 release versions 7.13.1.0 through 7.13.1.30, LTS 2023 release versions 7.10.1.0 through 7.10.1.60, contain a Use of a Broken or Risky Cryptographic Algorithm vulnerability in the DD boost. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information exposure.
Data Domain Operating System
CVE-2025-43905 Oct 07, 2025
Dell PowerProtect Data Domain 7.7.1.0-8.3.1.0 ARGINJ Vulnerability (DoS) Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2025 release version 8.3.1.0, LTS2024 release versions 7.13.1.0 through 7.13.1.30, LTS 2023 release versions 7.10.1.0 through 7.10.1.60, contain an Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Denial of service.
Data Domain Operating System
Built by Foundeo Inc., with data from the National Vulnerability Database (NVD).