DSA-2026-086: Security Update for Dell Avamar Data Store Gen5A Multiple Third-Party Component Vulnerabilities
Summary: Dell Avamar Data Store Gen5A remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Impact
High
Details
| Third-party Component | CVEs | More Information |
| Dell Server PowerEdge BIOS R740xd | CVE-2024-28047 | DSA-2025-041 |
| Intel X710 NIC | CVE-2025-24486, CVE-2025-25273, CVE-2025-21086, CVE-2025-26863, CVE-2025-26697, CVE-2025-24511, CVE-2025-31146 | DSA-2025-324, DSA-2025-430 |
| Integrated Dell Remote Access Controller (iDRAC) | CVE-2025-20064, CVE-2025-20028, CVE-2025-20027 | DSA-2025-297 |
Affected Products & Remediation
| CVEs | Product | Software/Firmware | Affected Versions | Remediated Versions | Link |
| CVE-2024-28047 | Dell Avamar Data Store Gen5A | Dell Server PowerEdge BIOS R740xd | Versions prior to 2.25.0 | Version 2.25.0 | Avamar Gen5a Jan 2026 firmware block (Hotfix 952820) |
| CVE-2025-24486, CVE-2025-25273, CVE-2025-21086, CVE-2025-26863, CVE-2025-26697, CVE-2025-24511, CVE-2025-31146 | Dell Avamar Data Store Gen5A | Intel X710 NIC | Version prior to 24.0.0 | Version 24.0.0 | Avamar Gen5a Jan 2026 firmware block (Hotfix 952820) |
| CVE-2025-20064, CVE-2025-20028, CVE-2025-20027 | Dell Avamar Data Store Gen5A | Integrated Dell Remote Access Controller (iDRAC) | Version prior to 7.00.00.183 | Version 7.00.00.183 | Avamar Gen5a Jan 2026 firmware block (Hotfix 952820) |
| CVEs | Product | Software/Firmware | Affected Versions | Remediated Versions | Link |
| CVE-2024-28047 | Dell Avamar Data Store Gen5A | Dell Server PowerEdge BIOS R740xd | Versions prior to 2.25.0 | Version 2.25.0 | Avamar Gen5a Jan 2026 firmware block (Hotfix 952820) |
| CVE-2025-24486, CVE-2025-25273, CVE-2025-21086, CVE-2025-26863, CVE-2025-26697, CVE-2025-24511, CVE-2025-31146 | Dell Avamar Data Store Gen5A | Intel X710 NIC | Version prior to 24.0.0 | Version 24.0.0 | Avamar Gen5a Jan 2026 firmware block (Hotfix 952820) |
| CVE-2025-20064, CVE-2025-20028, CVE-2025-20027 | Dell Avamar Data Store Gen5A | Integrated Dell Remote Access Controller (iDRAC) | Version prior to 7.00.00.183 | Version 7.00.00.183 | Avamar Gen5a Jan 2026 firmware block (Hotfix 952820) |
Notes:
- The README file, included in the hotfix .zip download package, provides a comprehensive list of vulnerabilities remediated in this cumulative update, including both recent and previously identified vulnerabilities.
- To schedule a platform security patch installation or server upgrade, please contact Dell Customer Support. Dell recommends upgrading the latest release/version of your product.
- For a detailed example of how to apply an AVP-based hotfix, refer to KB 000069982: How to install an Avamar .avp hotfix using Avamar Installer (AVI).
Known Issue:
- Upgrading directly to the January 2026 firmware, which includes BIOS 2.25.0, may fail on systems running BIOS versions prior to 2.12.2, due to compatibility constraints.
Required Action:
- To verify the BIOS version, run the following command in the Avamar console as an admin/root user:
omreport system version
If the BIOS version is earlier than 2.12.2 contact Dell Customer Support to apply the September 2021 firmware block (AVP: Gen5aSep2021Blk338753.avp) before installing the January 2026 firmware.
Workarounds & Mitigations
None
Revision History
| Revision | Date | Description |
| 1.0 | 2026-03-10 | Initial Release |
| 2.0 | 2026-04-29 | CVE-2025-20064, CVE-2025-20028, CVE-2025-20027 added to DSA |
Related Information
Legal Disclaimer
Affected Products
Avamar, Avamar Data Store, Avamar Data Store Gen5A, Avamar ServerArticle Properties
Article Number: 000437829
Article Type: Dell Security Advisory
Last Modified: 29 أبريل 2026
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.