CVE-2025-21105
6.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L
Summary
Dell RecoverPoint for Virtual Machines 6.0.X contains a command execution vulnerability. A Low privileged malicious user with local access could potentially exploit this vulnerability by running the specific binary and perform any administrative action permitted by it resulting in shutting down the server, modifying the configuration leading to gain access to unauthorized data.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Dell | RecoverPoint for VMs | 6.0 SP1 | affected |
| Dell | RecoverPoint for VMs | 6.0 SP1 P1 | affected |
| Dell | RecoverPoint for VMs | 6.0 SP1 P2 | affected |
Weaknesses
- CWE-284: CWE-284: Improper Access Control
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.