CVE-2025-21120
BaseFortify
Publication date: 2025-08-04
Last updated on: 2026-02-25
Assigner: Dell
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| dell | avamar | 19.12 |
| dell | avamar | 19.12 |
| dell | avamar | 19.12 |
| dell | avamar | 19.10 |
| dell | avamar | 19.10 |
| dell | avamar | 19.10 |
| dell | avamar | 19.10 |
| dell | avamar | 19.10 |
| dell | avamar | 19.10 |
| dell | avamar | 19.4 |
| dell | avamar | 19.4 |
| dell | avamar | 19.4 |
| dell | avamar | 19.7 |
| dell | avamar | 19.7 |
| dell | avamar | 19.7 |
| dell | avamar | 19.8 |
| dell | avamar | 19.8 |
| dell | avamar | 19.8 |
| dell | avamar | 19.9 |
| dell | avamar | 19.9 |
| dell | avamar | 19.9 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-650 | The server contains a protection mechanism that assumes that any URI that is accessed using HTTP GET will not cause a state change to the associated resource. This might allow attackers to bypass intended access restrictions and conduct resource modification and deletion attacks, since some applications allow GET to modify state. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in Dell Avamar versions prior to 19.12 with patch 338905 (excluding version 19.10SP1 with patch 338904). It is a Trusting HTTP Permission Methods on the Server-Side vulnerability that allows a low privileged attacker with remote access to potentially exploit the server, leading to information exposure.
How can this vulnerability impact me? :
Exploitation of this vulnerability can lead to information exposure, meaning sensitive data could be accessed by unauthorized attackers. This could compromise confidentiality and potentially affect the integrity and availability of the system.
What immediate steps should I take to mitigate this vulnerability?
Apply the patch 338905 to Dell Avamar versions prior to 19.12, or upgrade to version 19.10SP1 with patch 338904, as these address the Trusting HTTP Permission Methods vulnerability.