CVE-2025-21120

Dell Avamar, versions prior to 19.10 SP1 with patch 338904, contains a Trusting HTTP Permission Methods on the Server-Side vulnerability in Security. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure.

CVSS v3 8.3 HIGH

8.3^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.5

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://www.dell.com/support/kbdoc/en-us/000347698/dsa-2025-271-security-update-for-dell-avamar-and-dell-avamar-virtual-edition-multiple-vulnerabilities	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:dell:avamar:19.4::::virtual:esxi::*
	cpe:2.3:a:dell:avamar:19.4::::virtual:vmware::*
	cpe:2.3:a:dell:avamar:19.4::::virtual:vsphere::*
	cpe:2.3:a:dell:avamar:19.7::::virtual:esxi::*
	cpe:2.3:a:dell:avamar:19.7::::virtual:vmware::*
	cpe:2.3:a:dell:avamar:19.7::::virtual:vsphere::*
	cpe:2.3:a:dell:avamar:19.8::::virtual:esxi::*
	cpe:2.3:a:dell:avamar:19.8::::virtual:vmware::*
	cpe:2.3:a:dell:avamar:19.8::::virtual:vsphere::*
	cpe:2.3:a:dell:avamar:19.9::::virtual:esxi::*
	cpe:2.3:a:dell:avamar:19.9::::virtual:vmware::*
	cpe:2.3:a:dell:avamar:19.9::::virtual:vsphere::*
	cpe:2.3:a:dell:avamar:19.10:-:::virtual:esxi::
	cpe:2.3:a:dell:avamar:19.10:-:::virtual:vmware::
	cpe:2.3:a:dell:avamar:19.10:-:::virtual:vsphere::
	cpe:2.3:a:dell:avamar:19.10:sp1:::virtual:esxi::
	cpe:2.3:a:dell:avamar:19.10:sp1:::virtual:vmware::
	cpe:2.3:a:dell:avamar:19.10:sp1:::virtual:vsphere::
	cpe:2.3:a:dell:avamar:19.12::::virtual:esxi::*
	cpe:2.3:a:dell:avamar:19.12::::virtual:vmware::*
	cpe:2.3:a:dell:avamar:19.12::::virtual:vsphere::*

History

No history.

Information

Published : 2025-08-04 19:15

Updated : 2026-02-25 15:14

NVD link : CVE-2025-21120

Mitre link : CVE-2025-21120

CVE.ORG link : CVE-2025-21120

JSON object : View

Products Affected

dell

avamar

CWE

CWE-650

Trusting HTTP Permission Methods on the Server Side

{"id": "CVE-2025-21120", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security_alert@emc.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.3, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.5, "exploitabilityScore": 2.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2025-08-04T19:15:30.210", "references": [{"url": "https://www.dell.com/support/kbdoc/en-us/000347698/dsa-2025-271-security-update-for-dell-avamar-and-dell-avamar-virtual-edition-multiple-vulnerabilities", "tags": ["Vendor Advisory"], "source": "security_alert@emc.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "security_alert@emc.com", "description": [{"lang": "en", "value": "CWE-650"}]}], "descriptions": [{"lang": "en", "value": "Dell Avamar, versions prior to 19.10 SP1 with patch 338904, contains a Trusting HTTP Permission Methods on the Server-Side vulnerability in Security. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure."}, {"lang": "es", "value": "Dell Avamar, versiones anteriores a la 19.12 con el parche 338905, excepto la versi\u00f3n 19.10SP1 con el parche 338904, contiene una vulnerabilidad de seguridad relacionada con los m\u00e9todos de permisos HTTP de confianza en el servidor. Un atacante con pocos privilegios y acceso remoto podr\u00eda explotar esta vulnerabilidad, lo que provocar\u00eda la exposici\u00f3n de informaci\u00f3n."}], "lastModified": "2026-02-25T15:14:51.750", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:dell:avamar:19.4:*:*:*:virtual:esxi:*:*", "vulnerable": true, "matchCriteriaId": "4793C917-302E-4ACD-A648-7D87BB79420C"}, {"criteria": "cpe:2.3:a:dell:avamar:19.4:*:*:*:virtual:vmware:*:*", "vulnerable": true, "matchCriteriaId": "0F134C17-57A7-4501-BAC6-44D684B40274"}, {"criteria": "cpe:2.3:a:dell:avamar:19.4:*:*:*:virtual:vsphere:*:*", "vulnerable": true, "matchCriteriaId": "C2AA1AF6-BBEB-474B-BFDF-65BDA31A0BEF"}, {"criteria": "cpe:2.3:a:dell:avamar:19.7:*:*:*:virtual:esxi:*:*", "vulnerable": true, "matchCriteriaId": "7323A49B-13FA-46F0-8436-32048778B2D3"}, {"criteria": "cpe:2.3:a:dell:avamar:19.7:*:*:*:virtual:vmware:*:*", "vulnerable": true, "matchCriteriaId": "AAD1F4F9-0475-4577-B999-F7A37ADCBE85"}, {"criteria": "cpe:2.3:a:dell:avamar:19.7:*:*:*:virtual:vsphere:*:*", "vulnerable": true, "matchCriteriaId": "8997C078-ABE6-4E5B-8196-B2EC50E93402"}, {"criteria": "cpe:2.3:a:dell:avamar:19.8:*:*:*:virtual:esxi:*:*", "vulnerable": true, "matchCriteriaId": "00E6EB2D-8D7E-4976-9759-EEC9F7521F92"}, {"criteria": "cpe:2.3:a:dell:avamar:19.8:*:*:*:virtual:vmware:*:*", "vulnerable": true, "matchCriteriaId": "3B112013-C0CF-45C5-A4FF-8B8D4D56B18E"}, {"criteria": "cpe:2.3:a:dell:avamar:19.8:*:*:*:virtual:vsphere:*:*", "vulnerable": true, "matchCriteriaId": "9E4DFB88-112F-4BC9-8CED-72AE1B508B62"}, {"criteria": "cpe:2.3:a:dell:avamar:19.9:*:*:*:virtual:esxi:*:*", "vulnerable": true, "matchCriteriaId": "D2E97D6E-1B0B-42D2-B815-9C6832B70332"}, {"criteria": "cpe:2.3:a:dell:avamar:19.9:*:*:*:virtual:vmware:*:*", "vulnerable": true, "matchCriteriaId": "70E453E0-248B-406B-9493-91B956FDC0C7"}, {"criteria": "cpe:2.3:a:dell:avamar:19.9:*:*:*:virtual:vsphere:*:*", "vulnerable": true, "matchCriteriaId": "DFF960D2-6E01-4E78-ADE5-11352CAE4730"}, {"criteria": "cpe:2.3:a:dell:avamar:19.10:-:*:*:virtual:esxi:*:*", "vulnerable": true, "matchCriteriaId": "B4DF4788-34D6-4EF5-B7F4-A0EEFFB18D75"}, {"criteria": "cpe:2.3:a:dell:avamar:19.10:-:*:*:virtual:vmware:*:*", "vulnerable": true, "matchCriteriaId": "EA32AB1C-4FB3-4C06-8FFE-1E81CCD8ED57"}, {"criteria": "cpe:2.3:a:dell:avamar:19.10:-:*:*:virtual:vsphere:*:*", "vulnerable": true, "matchCriteriaId": "3F790002-847B-4AE3-86D3-62B8B54875E5"}, {"criteria": "cpe:2.3:a:dell:avamar:19.10:sp1:*:*:virtual:esxi:*:*", "vulnerable": true, "matchCriteriaId": "29E8D84D-473C-4A78-9D77-72E09C29AF2C"}, {"criteria": "cpe:2.3:a:dell:avamar:19.10:sp1:*:*:virtual:vmware:*:*", "vulnerable": true, "matchCriteriaId": "EB62B466-DD2D-4731-8643-43A254BC0BF8"}, {"criteria": "cpe:2.3:a:dell:avamar:19.10:sp1:*:*:virtual:vsphere:*:*", "vulnerable": true, "matchCriteriaId": "BB51EA7E-E7A2-45B2-BBE9-8F9847EA6F2B"}, {"criteria": "cpe:2.3:a:dell:avamar:19.12:*:*:*:virtual:esxi:*:*", "vulnerable": true, "matchCriteriaId": "ACA48457-DD33-4A0A-8A6D-616FAE085375"}, {"criteria": "cpe:2.3:a:dell:avamar:19.12:*:*:*:virtual:vmware:*:*", "vulnerable": true, "matchCriteriaId": "5FFD635A-85B8-4BA9-8514-1360D3021111"}, {"criteria": "cpe:2.3:a:dell:avamar:19.12:*:*:*:virtual:vsphere:*:*", "vulnerable": true, "matchCriteriaId": "E4EEAF2A-6F75-4D8C-B3A6-E3E35FAAD11F"}], "operator": "OR"}]}], "sourceIdentifier": "security_alert@emc.com"}