CVE-2025-21106

Published: Feb 20, 2025Modified: Jul 31, 2025

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 1.8 / Impact: 3.6

Source: security_alert@emc.com (Secondary)

Description

Dell Recover Point for Virtual Machines 6.0.X contains a Weak file system permission vulnerability. A low privileged Local attacker could potentially exploit this vulnerability, leading to impacting only non-sensitive resources in the system.

Affected (3)

Products: Dell: Recoverpoint For Virtual Machines

Dell

1 product

Recoverpoint For Virtual Machines

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Dell Recoverpoint For Virtual Machines	Version 6.0 sp1
Dell Recoverpoint For Virtual Machines	Version 6.0 sp1_p1
Dell Recoverpoint For Virtual Machines	Version 6.0 sp1_p2

Related CWEs

CWE-276

Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

References (1)

https://www.dell.com/support/kbdoc/en-us/000287503/dsa-2025-101-security-update-for-dell-recoverpoint-for-virtual-machines-multiple-component-vulnerabilities

Source: security_alert@emc.com

Vendor Advisory

Timeline

No history available yet.