CVE-2025-21120

Summary

Dell Avamar, versions prior to 19.10 SP1 with patch 338904, contains a Trusting HTTP Permission Methods on the Server-Side vulnerability in Security. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure.

Affected Software

VendorProductVersion RangeStatus
DellAvamar Server19.8 through 19.10 < 19.10 SP1 with CHF 338904 or lateraffected
DellAvamar Virtual Edition19.8 through 19.10 < 19.10 SP1 with CHF 338904 or lateraffected

Weaknesses

  • CWE-650: CWE-650: Trusting HTTP Permission Methods on the Server Side

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References