CVE-2025-21120 — Trusting HTTP Permission Methods on the Server Side in Dell Avamar Server

CWE-650 — Trusting HTTP Permission Methods on the Server Side3 documents3 sources

Severity

6.5MEDIUMNVD

CNA8.3

EPSS

0.1%

top 84.29%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dell Avamar Server Dell Avamar Virtual Edition Dell Avamar

Timeline

PublishedAug 4

Description

Dell Avamar, versions prior to 19.10 SP1 with patch 338904, contains a Trusting HTTP Permission Methods on the Server-Side vulnerability in Security. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

▶CVEListV5dell/avamar_server19.8 through 19.10 — 19.10 SP1 with CHF 338904 or later

▶CVEListV5dell/avamar_virtual_edition19.8 through 19.10 — 19.10 SP1 with CHF 338904 or later

▶NVDdell/avamar6 versions+5

🔴Vulnerability Details

GHSA

GHSA-qjvg-gx5p-355w: Dell Avamar, versions prior to 19↗2025-08-04

▶

CVEList

CVE-2025-21120: Dell Avamar, versions prior to 19↗2025-08-04

▶