CVE-2025-21105 MEDIUM

CVE-2025-21105

Vendor Dell

Product RecoverPoint for VMs

Weakness CWE-284

Published February 20, 2025

Last update February 20, 2025

View on NVD All CVEs

CVSS base score

6.6/10

Attack vector Local

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality Low

Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L

What the vulnerability does

01Description

Dell RecoverPoint for Virtual Machines 6.0.X contains a command execution vulnerability. A Low privileged malicious user with local access could potentially exploit this vulnerability by running the specific binary and perform any administrative action permitted by it resulting in shutting down the server, modifying the configuration leading to gain access to unauthorized data.

Key dates

02Disclosure timeline

February 20, 2025 CVE published

February 20, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-21105

Related vulnerabilities

04Related CVE

CVE-2024-21376 Microsoft Azure Kubernetes Service Confidential Container Remote Code Execution Vulnerability CVE-2020-11931 Ubuntu modifications to pulseaudio to provide snap security enforcement could be unloaded CVE-2024-29837 Poor session management in Evolution Controller allows administrator functionality for unauthenticated connections CVE-2026-46614 Fission router exposes /fission-function/<ns>/<name> on its public listener, allowing invocation of any function without an HTTPTrigger CVE-2023-40060 2FA/MFA Bypass Vulnerability in Serv-U 15.4 and 15.4 Hotfix 1

Identifiers

CVE CVE-2025-21105

CWE CWE-284

CVSS 6.6 / MEDIUM

Affected versions

Vendor Dell

Product RecoverPoint for VMs

Affected 6.0 SP1

Vendor Dell

Product RecoverPoint for VMs

Affected 6.0 SP1 P1

Vendor Dell

Product RecoverPoint for VMs

Affected 6.0 SP1 P2