CVE-2025-21105

MEDIUM

Dell RecoverPoint for Virtual Machines 6.0.X - Authenticated Command Execution via Binary

Title source: llm

Description

Dell RecoverPoint for Virtual Machines 6.0.X contains a command execution vulnerability. A Low privileged malicious user with local access could potentially exploit this vulnerability by running the specific binary and perform any administrative action permitted by it resulting in shutting down the server, modifying the configuration leading to gain access to unauthorized data.

References (1)

Core 1

Core References

Vendor Advisory vendor-advisory

https://www.dell.com/support/kbdoc/en-us/000287503/dsa-2025-101-security-update-for-dell-recoverpoint-for-virtual-machines-multiple-component-vulnerabilities

Scores

CVSS v3 6.6

EPSS 0.0005

EPSS Percentile 14.6%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-284

Status published

Products (1)

dell/recoverpoint_for_virtual_machines 6.0 sp1 (3 CPE variants)

Published Feb 20, 2025

Tracked Since Feb 18, 2026