Excess Auth Attempts in Dell PowerProtect DD OS 8.48.5: CVE-2025-46606 April 2026

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 8.4 through 8.5 contain an improper restriction of excessive authentication attempts vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to unauthorized access.

Vulnerability Analysis

CVE-2025-46606 is exploitable with network access, and requires user privileges. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality and integrity, and a small impact on availability.

Attack Vector:

NETWORK

Attack Complexity:

HIGH

Privileges Required:

HIGH

User Interaction:

NONE

Scope:

UNCHANGED

Confidentiality Impact:

HIGH

Integrity Impact:

HIGH

Availability Impact:

LOW

Weakness Type

Improper Restriction of Excessive Authentication Attempts

The software does not implement sufficient measures to prevent multiple failed authentication attempts within in a short time frame, making it more susceptible to brute force attacks.

Excess Auth Attempts in Dell PowerProtect DD OS 8.48.5
CVE-2025-46606 Published on April 17, 2026

Vulnerability Analysis

Weakness Type

Improper Restriction of Excessive Authentication Attempts

Affected Versions

Excess Auth Attempts in Dell PowerProtect DD OS 8.48.5CVE-2025-46606 Published on April 17, 2026

Vulnerability Analysis

Weakness Type

Improper Restriction of Excessive Authentication Attempts

Affected Versions

Excess Auth Attempts in Dell PowerProtect DD OS 8.48.5
CVE-2025-46606 Published on April 17, 2026