CVE-2025-21105
Published: 20 February 2025
Description
Dell RecoverPoint for Virtual Machines 6.0.X contains a command execution vulnerability. A Low privileged malicious user with local access could potentially exploit this vulnerability by running the specific binary and perform any administrative action permitted by it resulting in shutting down the server, modifying the configuration leading to gain access to unauthorized data.
Security Summary
CVE-2025-21105 is a command execution vulnerability in Dell RecoverPoint for Virtual Machines version 6.0.X. Published on 2025-02-20, it stems from improper access control (CWE-284) that enables execution of unauthorized commands through a specific binary. The vulnerability carries a CVSS v3.1 base score of 6.6 (AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L), indicating medium severity with local impact potential.
A low-privileged malicious user with local access can exploit the vulnerability by running the affected binary. This allows them to perform any administrative actions permitted by the binary, such as shutting down the server, modifying configurations, or gaining access to unauthorized data.
Dell has addressed this issue in security advisory DSA-2025-101, which provides updates for multiple component vulnerabilities in RecoverPoint for Virtual Machines. Practitioners should refer to the advisory at https://www.dell.com/support/kbdoc/en-us/000287503/dsa-2025-101-security-update-for-dell-recoverpoint-for-virtual-machines-multiple-component-vulnerabilities for patching details and mitigation guidance.
Details
- CWE(s)