CVE-2025-21120

Dell Avamar, versions prior to 19.12 with patch 338905, excluding version 19.10SP1 with patch 338904, contains a Trusting HTTP Permission Methods on the Server-Side vulnerability in Security. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure.

CVSS v3 8.3 HIGH

8.3^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.5

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://www.dell.com/support/kbdoc/en-us/000347698/dsa-2025-271-security-update-for-dell-avamar-and-dell-avamar-virtual-edition-multiple-vulnerabilities

Configurations

No configuration.

History

05 Aug 2025, 14:34

Type	Values Removed	Values Added
Summary		(es) Dell Avamar, versiones anteriores a la 19.12 con el parche 338905, excepto la versión 19.10SP1 con el parche 338904, contiene una vulnerabilidad de seguridad relacionada con los métodos de permisos HTTP de confianza en el servidor. Un atacante con pocos privilegios y acceso remoto podría explotar esta vulnerabilidad, lo que provocaría la exposición de información.

04 Aug 2025, 19:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-08-04 19:15

Updated : 2025-08-05 14:34

NVD link : CVE-2025-21120

Mitre link : CVE-2025-21120

CVE.ORG link : CVE-2025-21120

JSON object : View

Products Affected

No product.

CWE

CWE-650

Trusting HTTP Permission Methods on the Server Side

8.3 /10