CVE-2025-21105

Summary

Dell RecoverPoint for Virtual Machines 6.0.X contains a command execution vulnerability. A Low privileged malicious user with local access could potentially exploit this vulnerability by running the specific binary and perform any administrative action permitted by it resulting in shutting down the server, modifying the configuration leading to gain access to unauthorized data.

Affected Software

VendorProductVersion RangeStatus
DellRecoverPoint for VMs6.0 SP1affected
DellRecoverPoint for VMs6.0 SP1 P1affected
DellRecoverPoint for VMs6.0 SP1 P2affected

Weaknesses

  • CWE-284: CWE-284: Improper Access Control

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References