CVE-2025-29986

Published: Apr 8, 2025Modified: Jul 15, 2025

8.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L

Exploitability: 3.9 / Impact: 3.7

Source: security_alert@emc.com (Secondary)

Description

Dell Common Event Enabler, version(s) CEE 9.0.0.0, contain(s) an Improper Restriction of Communication Channel to Intended Endpoints vulnerability in the Common Anti-Virus Agent (CAVA). An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access.

Affected (1)

Products: Dell: Common Event Enabler

1 product

Common Event Enabler

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Dell Common Event Enabler	Version 9.0.0.0

Related CWEs

Improper Restriction of Communication Channel to Intended Endpoints

The product establishes a communication channel to (or from) an endpoint for privileged or protected operations, but it does not properly ensure that it is communicating with the correct endpoint.

References (1)

https://www.dell.com/support/kbdoc/en-us/000303931/dsa-2025-158-security-update-for-dell-common-event-enabler-vulnerabilities

Source: security_alert@emc.com

Vendor Advisory

Timeline

No history available yet.