What is the CVSS score of CVE-2025-46645?

CVE-2025-46645 has a CVSS 3.1 base score of 6.5 (Medium). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H. EPSS exploitation probability: 0.0%.

Which versions of Data Domain Operating System are affected by CVE-2025-46645?

CVE-2025-46645 presents notable security risk, a OS command injection vulnerability rated CVSS 6.5. Exploitation could allow attackers to execute code or inject malicious input.

How to fix or mitigate CVE-2025-46645?

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Validate input sanitization for user-controlled parameters.

Data Domain Operating System CVE-2025-46645

MEDIUM

OS Command Injection (CWE-78)

2026-01-09 security_alert@emc.com

Command Injection Data Domain Operating System

6.5

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:54 vuln.today

CVE Published

Jan 09, 2026 - 17:15 nvd

MEDIUM 6.5

DescriptionNVD

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.4.0.0, LTS2025 release version 8.3.1.10, LTS2024 release versions 7.13.1.0 through 7.13.1.40, LTS 2023 release versions 7.10.1.0 through 7.10.1.70, contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution.

AnalysisAI

Technical ContextAI

Classified as CWE-78 (OS Command Injection). Affects Data Domain Operating System. Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.4.0.0, LTS2025 release version 8.3.1.10, LTS2024 release versions 7.13.1.0 through 7.13.1.40, LTS 2023 release versions 7.10.1.0 through 7.10.1.70, contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execut

RemediationAI

Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.

CVE-2025-46645 vulnerability details – vuln.today

Back

Data Domain Operating System CVE-2025-46645

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code