{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-21105", "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "state": "PUBLISHED", "assignerShortName": "dell", "dateReserved": "2024-11-22T06:42:03.817Z", "datePublished": "2025-02-20T12:10:15.653Z", "dateUpdated": "2025-02-20T13:59:59.929Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "RecoverPoint for VMs", "vendor": "Dell", "versions": [{"status": "affected", "version": "6.0 SP1"}, {"status": "affected", "version": "6.0 SP1 P1"}, {"status": "affected", "version": "6.0 SP1 P2"}]}], "datePublic": "2025-02-19T18:30:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Dell RecoverPoint for Virtual Machines 6.0.X contains a command execution vulnerability. A Low privileged malicious user with local access could potentially exploit this vulnerability by running the specific binary and perform any administrative action permitted by it resulting in shutting down the server, modifying the configuration leading to gain access to unauthorized data.<br>"}], "value": "Dell RecoverPoint for Virtual Machines 6.0.X contains a command execution vulnerability. A Low privileged malicious user with local access could potentially exploit this vulnerability by running the specific binary and perform any administrative action permitted by it resulting in shutting down the server, modifying the configuration leading to gain access to unauthorized data."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-284", "description": "CWE-284: Improper Access Control", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell", "dateUpdated": "2025-02-20T12:10:15.653Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.dell.com/support/kbdoc/en-us/000287503/dsa-2025-101-security-update-for-dell-recoverpoint-for-virtual-machines-multiple-component-vulnerabilities"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-02-20T13:58:06.583600Z", "id": "CVE-2025-21105", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-20T13:59:59.929Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-21105", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-02-20T13:58:06.583600Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-20T13:58:10.787Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.6, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Dell", "product": "RecoverPoint for VMs", "versions": [{"status": "affected", "version": "6.0 SP1"}, {"status": "affected", "version": "6.0 SP1 P1"}, {"status": "affected", "version": "6.0 SP1 P2"}], "defaultStatus": "unaffected"}], "datePublic": "2025-02-19T18:30:00.000Z", "references": [{"url": "https://www.dell.com/support/kbdoc/en-us/000287503/dsa-2025-101-security-update-for-dell-recoverpoint-for-virtual-machines-multiple-component-vulnerabilities", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Dell RecoverPoint for Virtual Machines 6.0.X contains a command execution vulnerability. A Low privileged malicious user with local access could potentially exploit this vulnerability by running the specific binary and perform any administrative action permitted by it resulting in shutting down the server, modifying the configuration leading to gain access to unauthorized data.", "supportingMedia": [{"type": "text/html", "value": "Dell RecoverPoint for Virtual Machines 6.0.X contains a command execution vulnerability. A Low privileged malicious user with local access could potentially exploit this vulnerability by running the specific binary and perform any administrative action permitted by it resulting in shutting down the server, modifying the configuration leading to gain access to unauthorized data.<br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-284", "description": "CWE-284: Improper Access Control"}]}], "providerMetadata": {"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell", "dateUpdated": "2025-02-20T12:10:15.653Z"}}}, "cveMetadata": {"cveId": "CVE-2025-21105", "state": "PUBLISHED", "dateUpdated": "2025-02-20T13:59:59.929Z", "dateReserved": "2024-11-22T06:42:03.817Z", "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "datePublished": "2025-02-20T12:10:15.653Z", "assignerShortName": "dell"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "DD0ABCD5-9273-4799-A916-3518ED5EBB46", "vulnerable": true}, {"criteria": "cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:sp1_p1:*:*:*:*:*:*", "matchCriteriaId": "800D6F27-0B30-4E0A-94F6-B52367D50761", "vulnerable": true}, {"criteria": "cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:sp1_p2:*:*:*:*:*:*", "matchCriteriaId": "97E4273C-646D-402A-B560-13B1F3024488", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Dell RecoverPoint for Virtual Machines 6.0.X contains a command execution vulnerability. A Low privileged malicious user with local access could potentially exploit this vulnerability by running the specific binary and perform any administrative action permitted by it resulting in shutting down the server, modifying the configuration leading to gain access to unauthorized data."}, {"lang": "es", "value": "Dell RecoverPoint for Virtual Machines 6.0.X contiene una vulnerabilidad de ejecuci\u00f3n de comandos. Un usuario malintencionado con pocos privilegios y acceso local podr\u00eda aprovechar esta vulnerabilidad ejecutando el binario espec\u00edfico y realizando cualquier acci\u00f3n administrativa permitida por este, lo que provocar\u00eda el apagado del servidor y la modificaci\u00f3n de la configuraci\u00f3n, lo que dar\u00eda lugar a un acceso no autorizado a datos."}], "id": "CVE-2025-21105", "lastModified": "2025-07-31T17:31:21.743", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 4.7, "source": "security_alert@emc.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-02-20T12:15:11.233", "references": [{"source": "security_alert@emc.com", "tags": ["Vendor Advisory"], "url": "https://www.dell.com/support/kbdoc/en-us/000287503/dsa-2025-101-security-update-for-dell-recoverpoint-for-virtual-machines-multiple-component-vulnerabilities"}], "sourceIdentifier": "security_alert@emc.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}], "source": "security_alert@emc.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}