Dell Avamar: Unauthorized Access to Sensitive Data

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

4.7

Dell Avamar: Unauthorized Access to Sensitive Data

CVE-2025-36597

Summary

Dell Avamar versions before 19.12 with patch 338905 have a security weakness that could allow an attacker with high privileges and remote access to access sensitive information they shouldn't be able to see. This could happen if a malicious person gains access to the system and uses a specific technique to navigate through directories. To fix this, update to version 19.12 with patch 338905 or later.

Original title

Original description

Dell Avamar, versions prior to 19.12 with patch 338905, contains an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the Security. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to information disclosure.

nvd CVSS3.1 4.7

Vulnerability type

CWE-22 Path Traversal

https://www.dell.com/support/kbdoc/en-us/000347698/dsa-2025-271-security-update-...

Published: 17 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026