CVE-2025-21117Operation on a Resource after Expiration or Release in Dell Avamar

CWE-672Operation on a Resource after Expiration or Release3 documents3 sources
Severity
5.5MEDIUMNVD
CNA6.6
EPSS
0.1%
top 68.95%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Dell AvamarDell Avamar Server
Timeline
PublishedFeb 5

Description

Dell Avamar, version 19.4 or later, contains an access token reuse vulnerability in the AUI. A low privileged local attacker could potentially exploit this vulnerability, leading to fully impersonating the user.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

CVEListV5dell/avamar6 versions+5
NVDdell/avamar_server5 versions+4

🔴Vulnerability Details

2
GHSA
GHSA-h34r-pgxj-xwh9: Dell Avamar, version 192025-02-05
CVEList
CVE-2025-21117: Dell Avamar, version 192025-02-05
CVE-2025-21117 — Dell Avamar vulnerability | cvebase