CVE-2025-21120

Description

Dell Avamar, versions prior to 19.12 with patch 338905, excluding version 19.10SP1 with patch 338904, contains a Trusting HTTP Permission Methods on the Server-Side vulnerability in Security. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure.

References

Link	Tags
https://www.dell.com/support/kbdoc/en-us/000347698/dsa-2025-271-security-update-for-dell-avamar-and-dell-avamar-virtual-edition-multiple-vulnerabilities	vendor advisory

Frequently Asked Questions

What is the severity of CVE-2025-21120?: CVE-2025-21120 has been scored as a high severity vulnerability.
How to fix CVE-2025-21120?: To fix CVE-2025-21120, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2025-21120 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2025-21120 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2025-21120?: CVE-2025-21120 affects Dell Avamar Data Store Gen4T, Dell Avamar Data Store Gen4T, Dell Avamar Data Store Gen5A, Dell Avamar Data Store Gen5A, Dell Avamar Virtual Edition for VMware ESXi and vSphere, Dell Avamar Virtual Edition for VMware ESXi and vSphere, Dell Avamar Virtual Edition for VMware vSphere only, Dell Avamar Virtual Edition for VMware vSphere only.

Description

Category

CWE-650 – Trusting HTTP Permission Methods on the Server Side

References

Frequently Asked Questions