CVE-2025-36597_CVE-2025-36597

4.7 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

Description

Dell Avamar, versions prior to 19.12 with patch 338905, contains an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the Security. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to information disclosure.

Basic Information

ID CVE-2025-36597

Source dell

Published Feb 17, 2026 at 19:05

Affected Product

Vendor Dell

Product Avamar Server

Version 19.8 through 19.12

Affected Versions Dell Avamar Server 19.8 through 19.12
Dell Avamar Virtual Edition 19.8 through 19.12
Dell PowerProtect DP Series Appliance (IDPA) N/A

CWE Classification

CWE-22

References

www.dell.com /support/kbdoc/en-us/000347698/dsa-2025-271-security-update-for-dell-avamar-and-dell-avamar-virtual-edition-multiple-vulnerabilities

{
    "lastseen": "",
    "description": "Dell Avamar, versions prior to 19.12 with patch 338905, contains an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the Security. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to information disclosure.",
    "published": "2026-02-17T19:05:24.614Z",
    "modified": "2026-02-17T19:05:24.614Z",
    "type": "cve",
    "title": "CVE-2025-36597",
    "source": "dell",
    "references": "https://www.dell.com/support/kbdoc/en-us/000347698/dsa-2025-271-security-update-for-dell-avamar-and-dell-avamar-virtual-edition-multiple-vulnerabilities",
    "id": "CVE-2025-36597",
    "bulletinFamily": "",
    "cwe": [
        "CWE-22"
    ],
    "cvelist": null,
    "sourceData": "Dell Avamar Server 19.8 through 19.12\nDell Avamar Virtual Edition 19.8 through 19.12\nDell PowerProtect DP Series Appliance (IDPA) N/A",
    "sourceHref": "",
    "cvss": {
        "score": 4.7,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Avamar Server",
    "version": "19.8 through 19.12",
    "vendor": "Dell",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}