CVE-2021-21551 HIGH

CVE-2021-21551

Vendor Dell
Product dbutil
Weakness CWE-782
KEV Status Known Exploited
Published May 4, 2021
Last update October 21, 2025

CVSS base score

8.8/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

Dell dbutil_2_3.sys driver contains an insufficient access control vulnerability which may lead to escalation of privileges, denial of service, or information disclosure. Local authenticated user access is required.

CISA mandated remediation

02CISA Required Action

Apply updates per vendor instructions.

Key dates

03Disclosure timeline

May 4, 2021 CVE published
October 21, 2025 Record updated