Server-Side Vulnerability in Dell Avamar Affects Security Features
CVE-2025-21120

8.3 HIGH

What is CVE-2025-21120?

Dell Avamar prior to version 19.12 with patch 338905, except for version 19.10SP1 with patch 338904, contains a Trusting HTTP Permission Methods on the Server-Side vulnerability. A low-privileged attacker with remote access could potentially exploit this weakness, leading to the exposure of sensitive information. Users are advised to apply the latest patches to mitigate potential risks.

Affected Version(s)

Avamar Data Store Gen4T 19.12

Avamar Data Store Gen4T 19.10, 19.10-SP1, 19.7, 19.8, 19.9 and 19.4 < 19.10SP1 with patch 338904 or later

Avamar Data Store Gen5A 19.12 < 19.12 with patch 338905 or later

CVSS V3.1

Score: 8.3
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved