CVE-2025-36598Path Traversal in Dell Avamar Virtual Edition

CWE-22Path Traversal3 documents3 sources
Severity
6.5MEDIUMNVD
EPSS
0.1%
top 82.16%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Dell Avamar Virtual EditionDell Powerprotect DP Series Appliance
Timeline
PublishedFeb 17

Description

Dell Avamar, versions prior to 19.12 with patch 338905, contains an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the Security. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to upload malicious files.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:HExploitability: 1.2 | Impact: 5.2

Affected Packages2 packages

CVEListV5dell/avamar_virtual_edition19.8 through 19.129.12 with CHF 338905 or later
CVEListV5dell/powerprotect_dp_series_applianceN/A2.7.9 with AV CHF 338905

🔴Vulnerability Details

2
CVEList
CVE-2025-36598: Dell Avamar, versions prior to 192026-02-17
GHSA
GHSA-fp2x-rmwp-chww: Dell Avamar, versions prior to 192026-02-17
CVE-2025-36598 — Path Traversal in Dell | cvebase