CVE-2025-36598

MEDIUM

Dell Avamar <19.12 - Path Traversal

Title source: llm

Description

Dell Avamar, versions prior to 19.12 with patch 338905, contains an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the Security. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to upload malicious files.

References (1)

Core 1

Core References

Various Sources vendor-advisory

https://www.dell.com/support/kbdoc/en-us/000347698/dsa-2025-271-security-update-for-dell-avamar-and-dell-avamar-virtual-edition-multiple-vulnerabilities

Scores

CVSS v3 6.5

EPSS 0.0006

EPSS Percentile 18.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-22

Status published

Products (2)

Dell/Avamar Virtual Edition 19.8 through 19.12 - 9.12 with CHF 338905 or later

Dell/PowerProtect DP Series Appliance (IDPA) < 2.7.9 with AV CHF 338905

Published Feb 17, 2026

Tracked Since Feb 18, 2026