CVE-2025-36597 — Path Traversal in Dell Avamar Server

CWE-22 — Path Traversal3 documents3 sources

Severity

4.7MEDIUMNVD

EPSS

0.0%

top 85.49%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dell Avamar Server Dell Avamar Virtual Edition Dell Powerprotect DP Series Appliance

Timeline

PublishedFeb 17

Description

Dell Avamar, versions prior to 19.12 with patch 338905, contains an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the Security. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to information disclosure.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:LExploitability: 1.2 | Impact: 3.4

Affected Packages3 packages

▶CVEListV5dell/avamar_server19.8 through 19.12 — Version 19.12 with CHF 338905 or later

▶CVEListV5dell/avamar_virtual_edition19.8 through 19.12 — Version 19.12 with CHF 338905 or later

▶CVEListV5dell/powerprotect_dp_series_applianceN/A — Version 2.7.9 with AV CHF 338905

🔴Vulnerability Details

CVEList

CVE-2025-36597: Dell Avamar, versions prior to 19↗2026-02-17

▶

GHSA

GHSA-7g55-6w4c-27v8: Dell Avamar, versions prior to 19↗2026-02-17

▶