CVE-2025-21120
📋 TL;DR
Dell Avamar versions prior to 19.12 with patch 338905 (and 19.10SP1 without patch 338904) contain a server-side vulnerability in which HTTP permission methods are improperly trusted. A low-privileged remote attacker could exploit this to expose sensitive information. Organizations running affected Dell Avamar backup deployments are impacted.
💻 Affected Systems
- Dell Avamar
- Dell Avamar Virtual Edition
⚠️ Risk & Real-World Impact
Worst Case
Attackers could access sensitive backup data, configuration files, or credentials stored in the Avamar system, potentially leading to data breaches or further system compromise.
Likely Case
Unauthorized access to backup metadata, configuration details, or limited system information that could facilitate reconnaissance for further attacks.
If Mitigated
With proper network segmentation and access controls, impact would be limited to information exposure within the segmented environment.
🎯 Exploit Status
Requires low-privileged remote access. No public exploit code identified at this time.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 19.12 with patch 338905 or 19.10SP1 with patch 338904
Vendor Advisory: https://www.dell.com/support/kbdoc/en-us/000347698/dsa-2025-271-security-update-for-dell-avamar-and-dell-avamar-virtual-edition-multiple-vulnerabilities
Restart Required: Yes
Instructions:
1. Download patch 338905 for version 19.12 or patch 338904 for version 19.10SP1 from Dell Support.
2. Apply the patch following Dell's installation procedures.
3. Restart the Avamar services or system as required.
🔧 Temporary Workarounds
Network Segmentation
Restrict network access to Avamar systems to trusted management networks only.
Access Control Hardening
Implement strict access controls and limit low-privileged user access to Avamar interfaces.
🧯 If You Can't Patch
- Isolate Avamar systems from untrusted networks using firewalls and network segmentation
- Implement strict access controls and monitor for unusual HTTP method usage
🔍 How to Verify
Check if Vulnerable:
Check Avamar version via Avamar Administrator interface or command line. Compare against affected versions list.
Check Version:
avmgr version (or check via Avamar Administrator GUI)
Verify Fix Applied:
Verify patch installation through Avamar patch management interface or by checking version/patch level.
📡 Detection & Monitoring
Log Indicators:
- Unusual HTTP method requests to Avamar services
- Access attempts from unauthorized low-privileged accounts
Network Indicators:
- HTTP traffic to Avamar ports using non-standard methods
- Repeated access attempts to sensitive endpoints
SIEM Query:
source="avamar" AND http_method!="GET" AND http_method!="POST"
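As an added example (not Dell tooling or part of the original advisory), the following script applies the two log indicators above to constructed web-access log lines: it flags requests whose HTTP method is outside the expected GET/POST set, matching the SIEM query, and flags a source, user and path seen repeatedly. The log format, paths, usernames and addresses are all constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample log lines (common log format); not real Avamar logs.
SAMPLE_LOG = """\
10.0.0.5 - backupadmin [12/Mar/2025:10:01:02 +0000] "GET /api/v1/status HTTP/1.1" 200 512
10.0.0.9 - readonly [12/Mar/2025:10:01:05 +0000] "PROPFIND /api/v1/config HTTP/1.1" 200 2048
10.0.0.9 - readonly [12/Mar/2025:10:01:06 +0000] "OPTIONS /api/v1/config HTTP/1.1" 200 128
10.0.0.9 - readonly [12/Mar/2025:10:01:07 +0000] "GET /api/v1/config HTTP/1.1" 403 64
10.0.0.9 - readonly [12/Mar/2025:10:01:08 +0000] "GET /api/v1/config HTTP/1.1" 403 64
10.0.0.9 - readonly [12/Mar/2025:10:01:09 +0000] "GET /api/v1/config HTTP/1.1" 403 64
10.0.0.5 - backupadmin [12/Mar/2025:10:02:00 +0000] "POST /api/v1/jobs HTTP/1.1" 201 96
"""

LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ (?P<user>\S+) \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \d+$'
)

EXPECTED_METHODS = {"GET", "POST"}  # methods the SIEM query treats as normal

def parse_log(text):
    """Yield one dict per parsable line; malformed lines are skipped."""
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m:
            yield m.groupdict()

def unexpected_methods(events):
    """First indicator: events whose method is outside the expected set.
    Set-based equivalent of http_method!="GET" AND http_method!="POST"."""
    return [e for e in events if e["method"] not in EXPECTED_METHODS]

def repeated_attempts(events, threshold=3):
    """Second indicator: (src, user, path) seen at least `threshold` times."""
    counts = Counter((e["src"], e["user"], e["path"]) for e in events)
    return {key: n for key, n in counts.items() if n >= threshold}

def analyse(text, threshold=3):
    """Run both indicators over a log text and return the findings."""
    events = list(parse_log(text))
    return {
        "unexpected_methods": unexpected_methods(events),
        "repeated_attempts": repeated_attempts(events, threshold),
    }

if __name__ == "__main__":
    result = analyse(SAMPLE_LOG)
    for e in result["unexpected_methods"]:
        print(f"method alert: {e['src']} {e['user']} {e['method']} {e['path']}")
    for (src, user, path), n in result["repeated_attempts"].items():
        print(f"repeat alert: {src} {user} {path} x{n}")
```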