CVE-2025-21117

Summary

Dell Avamar, version 19.4 or later, contains an access token reuse vulnerability in the AUI. A low privileged local attacker could potentially exploit this vulnerability, leading to fully impersonating the user.

Affected Software

VendorProductVersion RangeStatus
DellAvamar19.4affected
DellAvamar19.7affected
DellAvamar19.8affected
DellAvamar19.9affected
DellAvamar19.10affected
DellAvamar19.10 SP1affected

Weaknesses

  • CWE-672: CWE-672: Operation on a Resource after Expiration or Release

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References