DSA-2025-271: Security update for Dell Avamar and Dell Avamar Virtual Edition Multiple Vulnerabilities
Summary: Dell Avamar and Dell Avamar Virtual Edition remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Impact
Critical
Details
| Third-party Component | CVEs | More Information |
| Apache Struts | CVE-2024-53677 | https://nvd.nist.gov/vuln/search |
| Proprietary Code CVE | Description | CVSS Base Score | CVSS Vector String |
| CVE-2025-21120 | Dell Avamar, versions prior to 19.12 with patch 338905, excluding version 19.10SP1 with patch 338904, contains a Trusting HTTP Permission Methods on the Server-Side vulnerability in Security. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure. | 8.3 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L |
| Proprietary Code CVE | Description | CVSS Base Score | CVSS Vector String |
| CVE-2025-21120 | Dell Avamar, versions prior to 19.12 with patch 338905, excluding version 19.10SP1 with patch 338904, contains a Trusting HTTP Permission Methods on the Server-Side vulnerability in Security. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure. | 8.3 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L |
Affected Products & Remediation
| Product | Software/Firmware | Affected Versions | Remediated Version | Link |
| Dell Avamar Data Store Gen4T | SUSE Linux Enterprise 12 SP5 | Version 19.12 | Version 19.12 with patch 338905 or later | Avamar Downloads Area |
| Dell Avamar Data Store Gen4T | SUSE Linux Enterprise 12 SP5 | Versions 19.10, 19.10-SP1, 19.7, 19.8, 19.9 and 19.4 | Version 19.10SP1 with patch 338904 or later | Avamar Downloads Area |
| Dell Avamar Data Store Gen5A | SUSE Linux Enterprise 12 SP5 | Version 19.12 | Version 19.12 with patch 338905 or later | Avamar Downloads Area |
| Dell Avamar Data Store Gen5A | SUSE Linux Enterprise 12 SP5 | Versions 19.10, 19.10-SP1, 19.7, 19.8, 19.9 and 19.4 | Version 19.10SP1 with patch 338904 or later | Avamar Downloads Area |
| Avamar Virtual Edition for VMware ESXi and vSphere | SUSE Linux Enterprise 12 SP5 | Version 19.12 | Version 19.12 with patch 338905 or later | Avamar Downloads Area |
| Avamar Virtual Edition for VMware ESXi and vSphere | SUSE Linux Enterprise 12 SP5 | Versions 19.10, 19.10-SP1, 19.7, 19.8, 19.9 and 19.4 | Version 19.10SP1 with patch 338904 or later | Avamar Downloads Area |
| Avamar Virtual Edition for VMware vSphere only | SUSE Linux Enterprise 12 SP5 | Version 19.12 | Version 19.12 with patch 338905 or later | Avamar Downloads Area |
| Avamar Virtual Edition for VMware vSphere only | SUSE Linux Enterprise 12 SP5 | Versions 19.10, 19.10-SP1, 19.7, 19.8, 19.9 and 19.4 | Version 19.10SP1 with patch 338904 or later | Avamar Downloads Area |
| Product | Software/Firmware | Affected Versions | Remediated Version | Link |
| Dell Avamar Data Store Gen4T | SUSE Linux Enterprise 12 SP5 | Version 19.12 | Version 19.12 with patch 338905 or later | Avamar Downloads Area |
| Dell Avamar Data Store Gen4T | SUSE Linux Enterprise 12 SP5 | Versions 19.10, 19.10-SP1, 19.7, 19.8, 19.9 and 19.4 | Version 19.10SP1 with patch 338904 or later | Avamar Downloads Area |
| Dell Avamar Data Store Gen5A | SUSE Linux Enterprise 12 SP5 | Version 19.12 | Version 19.12 with patch 338905 or later | Avamar Downloads Area |
| Dell Avamar Data Store Gen5A | SUSE Linux Enterprise 12 SP5 | Versions 19.10, 19.10-SP1, 19.7, 19.8, 19.9 and 19.4 | Version 19.10SP1 with patch 338904 or later | Avamar Downloads Area |
| Avamar Virtual Edition for VMware ESXi and vSphere | SUSE Linux Enterprise 12 SP5 | Version 19.12 | Version 19.12 with patch 338905 or later | Avamar Downloads Area |
| Avamar Virtual Edition for VMware ESXi and vSphere | SUSE Linux Enterprise 12 SP5 | Versions 19.10, 19.10-SP1, 19.7, 19.8, 19.9 and 19.4 | Version 19.10SP1 with patch 338904 or later | Avamar Downloads Area |
| Avamar Virtual Edition for VMware vSphere only | SUSE Linux Enterprise 12 SP5 | Version 19.12 | Version 19.12 with patch 338905 or later | Avamar Downloads Area |
| Avamar Virtual Edition for VMware vSphere only | SUSE Linux Enterprise 12 SP5 | Versions 19.10, 19.10-SP1, 19.7, 19.8, 19.9 and 19.4 | Version 19.10SP1 with patch 338904 or later | Avamar Downloads Area |
Notes:
- The README file, included in the hotfix .zip download package, provides a comprehensive list of vulnerabilities remediated in this cumulative update, including both recent and previously identified vulnerabilities.
- Additional information related to the vulnerabilities remediated by Dell Avamar version 19.12 with patch 338905 is provided in DSA-2024-489.
- To schedule a platform security patch installation or server upgrade, please contact Dell Customer Support. Dell recommends upgrading the latest release/version of your product.
- For a detailed example of how to apply an AVP-based hotfix, refer to KB 000069982: How to install an Avamar .avp hotfix using Avamar Installer (AVI).
Workarounds & Mitigations
None
Revision History
| Revision | Date | Description |
| 1.0 | 2025-07-21 | Initial Release |
| 2.0 | 2025-07-28 |
Updated CVE description |
Related Information
Legal Disclaimer
Affected Products
Avamar, Avamar Data Store Gen4T, Avamar Data Store Gen5AArticle Properties
Article Number: 000347698
Article Type: Dell Security Advisory
Last Modified: 28 Jul 2025
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.