CVE-2025-36597

MEDIUM

Dell Avamar <19.12 - Path Traversal

Title source: llm

Description

Dell Avamar, versions prior to 19.12 with patch 338905, contains an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the Security. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to information disclosure.

References (1)

Core 1

Core References

Various Sources vendor-advisory

https://www.dell.com/support/kbdoc/en-us/000347698/dsa-2025-271-security-update-for-dell-avamar-and-dell-avamar-virtual-edition-multiple-vulnerabilities

Scores

CVSS v3 4.7

EPSS 0.0005

EPSS Percentile 15.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-22

Status published

Products (3)

Dell/Avamar Server 19.8 through 19.12 - Version 19.12 with CHF 338905 or later

Dell/Avamar Virtual Edition 19.8 through 19.12 - Version 19.12 with CHF 338905 or later

Dell/PowerProtect DP Series Appliance (IDPA) < Version 2.7.9 with AV CHF 338905

Published Feb 17, 2026

Tracked Since Feb 18, 2026