Weak File System Permission Vulnerability in Dell Recover Point for Virtual Machines
CVE-2025-21106

5.5MEDIUM

Key Information:

Vendor: Dell
Status: Recoverpoint For Vms
Vendor: CVE Published:; 20 February 2025

Summary

Dell Recover Point for Virtual Machines version 6.0.X is susceptible to a weak file system permission vulnerability. This flaw allows low privileged local attackers to potentially exploit the affected system. While the impact is limited to non-sensitive resources, it still poses a risk that could be leveraged to access restricted areas within the file system. Users are advised to monitor and apply necessary security updates from Dell to mitigate any potential exploitation.

Affected Version(s)

RecoverPoint for VMs 6.0 SP1

RecoverPoint for VMs 6.0 SP1 P1

RecoverPoint for VMs 6.0 SP1 P2

References

https://www.dell.com/support/kbdoc/en-us/000287503/dsa-20...

vendor-advisory

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 20, 2025