CVE-2025-21120: CWE-650: Trusting HTTP Permission Methods on the Server Side in Dell Avamar Data Store Gen4T
Dell Avamar, versions prior to 19.12 with patch 338905, excluding version 19.10SP1 with patch 338904, contains a Trusting HTTP Permission Methods on the Server-Side vulnerability in Security. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure.
AI Analysis
Technical Summary
CVE-2025-21120 is a high-severity vulnerability affecting Dell Avamar Data Store Gen4T, specifically versions prior to 19.12 with patch 338905, excluding version 19.10SP1 with patch 338904. The vulnerability is categorized under CWE-650, Trusting HTTP Permission Methods on the Server Side: the server enforces its access controls only for the HTTP methods it expects a client to use (typically GET and POST) and assumes that other methods will not be used, so a request sent with a different method can reach a protected resource without the intended authorization check. In this case that weakness allows a low-privileged remote attacker to gain unauthorized access to sensitive information stored or processed by the Avamar Data Store. The vulnerability does not require user interaction and can be exploited remotely with low complexity, since the attacker only needs low privileges to initiate the attack. The CVSS v3.1 base score is 8.3, reflecting high impact on confidentiality and integrity, with a lower impact on availability. The exposed data could include backup data or configuration details, compromising the confidentiality and integrity of the system. Although no known exploits are currently reported in the wild, the potential for information exposure makes this a critical issue for organizations relying on Dell Avamar for data backup and recovery. No patch links are provided with the record, so organizations must verify their patch status carefully and apply the appropriate updates to mitigate risk.
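The CWE-650 pattern described above, as an added example that is not Dell's or Avamar's code: a hypothetical servlet-style authorization layer in which a constraint that names only GET and POST leaves every other method ungoverned, shown beside the hardened form that binds the role check to the path regardless of method (or denies anything no rule covers).

```python
"""Model of CWE-650: authorization that only covers the HTTP methods the
developer expected. Hypothetical illustration, not Avamar's implementation."""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Constraint:
    path_prefix: str                                   # URL prefix the rule protects
    roles: frozenset                                   # roles allowed through
    methods: frozenset = field(default_factory=frozenset)  # empty = every method


def allowed(constraints, method, path, user_roles, deny_unmatched):
    """Return True if the request may proceed.

    A constraint that lists specific methods governs only those methods, so a
    request using any other method matches no rule at all. With
    deny_unmatched=False (the CWE-650 behaviour) an unmatched request is
    simply let through; with deny_unmatched=True it is refused.
    """
    method = method.upper()
    for c in constraints:
        if not path.startswith(c.path_prefix):
            continue
        if c.methods and method not in c.methods:
            continue                          # rule does not cover this method
        return bool(user_roles & c.roles)     # rule applies: enforce the roles
    return not deny_unmatched                 # no rule matched this request


# Constructed configurations protecting the same hypothetical path.
VULNERABLE = [Constraint("/admin/", frozenset({"admin"}), frozenset({"GET", "POST"}))]
HARDENED = [Constraint("/admin/", frozenset({"admin"}))]   # applies to all methods


def check(constraints, method, user_roles, deny_unmatched=False):
    """Evaluate one request against a configuration for the protected path."""
    return allowed(constraints, method, "/admin/config", frozenset(user_roles), deny_unmatched)


if __name__ == "__main__":
    for name, cfg in (("vulnerable", VULNERABLE), ("hardened", HARDENED)):
        for m in ("GET", "HEAD", "OPTIONS"):
            print(f"{name:10} {m:7} operator -> {check(cfg, m, ['operator'])}")
```

The first configuration refuses an unprivileged GET yet admits the same user's HEAD or OPTIONS request, which is exactly the method-dependent gap the CWE describes.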
Potential Impact
For European organizations, this vulnerability poses a significant risk due to the widespread use of Dell Avamar in enterprise backup and data protection environments. Exposure of sensitive backup data could lead to data breaches involving personal data protected under GDPR, resulting in regulatory penalties and reputational damage. The integrity compromise could undermine trust in backup data, affecting disaster recovery and business continuity plans. Additionally, information exposure could facilitate further attacks, such as targeted phishing or lateral movement within networks. The vulnerability’s remote exploitability and low privilege requirement increase the risk of exploitation by insider threats or external attackers who have gained limited access. Given the critical role of backup systems in maintaining data availability and integrity, exploitation could disrupt operations and lead to costly incident response efforts.
Mitigation Recommendations
European organizations should immediately verify the version and patch level of their Dell Avamar Data Store Gen4T installations. Applying the official patches, specifically patch 338905 for versions prior to 19.12 or patch 338904 for version 19.10SP1, is essential. Where the patch cannot be applied immediately, organizations should implement network-level controls to restrict access to the Avamar management interfaces, limiting exposure to trusted administrative networks only. Employing Web Application Firewalls (WAFs) to monitor and block unexpected HTTP methods or malformed requests can provide an additional layer of defense. Regularly auditing access logs for unusual HTTP method usage against management paths, or for unauthorized access attempts, is recommended. Furthermore, organizations should review and enforce strict access controls and least privilege principles for users interacting with the Avamar system. Conducting penetration testing focused on HTTP method handling can help identify residual risks. Finally, maintaining up-to-date backups and validating their integrity ensures resilience in case of compromise.
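One way to carry out the access-log audit recommended above, as an added example that is not an Avamar tool: scan combined-log-format lines and report requests to a management path prefix (assumed here to be `/admin/`) whose method is outside the methods the interface is expected to use, so that a 403 on GET followed by a 200 on another method from the same client stands out.

```python
"""Flag unexpected HTTP methods against a management path prefix in
combined-format access logs. Hypothetical helper; the prefix and the
expected-method set are assumptions to adapt per deployment."""
import re
from collections import Counter

# client ident user [time] "METHOD path HTTP/x" status size ...
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

EXPECTED = frozenset({"GET", "POST"})   # methods the management UI normally uses


def audit(lines, mgmt_prefix="/admin/", expected=EXPECTED):
    """Return (findings, per_source).

    findings: (client, method, path, status) for every request under
    mgmt_prefix whose method is not in `expected`.
    per_source: count of such requests per client address, for triage.
    """
    findings, per_source = [], Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue                              # malformed line: skip, do not crash
        method, path = m["method"], m["path"]
        if path.startswith(mgmt_prefix) and method not in expected:
            findings.append((m["src"], method, path, int(m["status"])))
            per_source[m["src"]] += 1
    return findings, per_source


# Constructed sample lines for demonstration; not real Avamar logs.
SAMPLE = [
    '10.0.0.5 - - [04/Aug/2025:18:47:41 +0000] "GET /admin/config HTTP/1.1" 403 12',
    '10.0.0.5 - - [04/Aug/2025:18:47:42 +0000] "HEAD /admin/config HTTP/1.1" 200 0',
    '10.0.0.5 - - [04/Aug/2025:18:47:43 +0000] "OPTIONS /admin/config HTTP/1.1" 200 0',
    '10.0.0.9 - - [04/Aug/2025:18:48:00 +0000] "POST /admin/login HTTP/1.1" 200 512',
    '10.0.0.9 - - [04/Aug/2025:18:48:01 +0000] "GET /static/app.js HTTP/1.1" 200 8123',
    "not a log line",
]

if __name__ == "__main__":
    hits, by_src = audit(SAMPLE)
    for hit in hits:
        print("unexpected method:", hit)
    print("per source:", dict(by_src))
```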
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Sweden, Belgium
Technical Details
- Data Version: 5.1
- Assigner Short Name: dell
- Date Reserved: 2024-11-23T06:04:00.843Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 6891004dad5a09ad00e2bbcb
Added to database: 8/4/2025, 6:47:41 PM
Last enriched: 8/12/2025, 12:45:12 AM
Last updated: 9/3/2025, 7:22:29 PM