CVE-2025-21120
HIGHDescription
Dell Avamar, versions prior to 19.10 SP1 with patch 338904, contains a Trusting HTTP Permission Methods on the Server-Side vulnerability in Security. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| dell | avamar |
| dell | avamar |
| dell | avamar |
| dell | avamar |
| dell | avamar |
| dell | avamar |
| dell | avamar |
| dell | avamar |
| dell | avamar |
| dell | avamar |
| dell | avamar |
| dell | avamar |
| dell | avamar |
| dell | avamar |
| dell | avamar |
| dell | avamar |
| dell | avamar |
| dell | avamar |
| dell | avamar |
| dell | avamar |
| dell | avamar |
References
Frequently Asked Questions
What is CVE-2025-21120? +
How severe is CVE-2025-21120? +
What products are affected by CVE-2025-21120? +
How do I check if I'm vulnerable to CVE-2025-21120? +
Related Vulnerabilities
IBM Security Verify Access 10.0.0 through 10.0.7 and IBM Application Gateway 20.01 through 24.03 could allow a remote attacker to …
ChurchCRM is an open-source church management system. Prior to 7.3.2, top-level cross-site GET navigation from an attacker-controlled page to FundRaiserDelete.php, …
IBM Aspera Faspex 5.0.0 through 5.0.9 could allow a user to bypass intended access restrictions and conduct resource modification.
IBM Aspera Faspex 5.0.0 through 5.0.9 could allow a user to bypass intended access restrictions and conduct resource modification.
IBM PowerSC 1.3, 2.0, and 2.1 uses insecure HTTP methods which could allow a remote attacker to perform unauthorized file …
Fields which are in 'read only' state in Bank Statement Draft in Manage Bank Statements application, could be modified by …