CVE-2025-21105
Published: 20 February 2025
Summary
CVE-2025-21105 is a medium-severity Improper Access Control (CWE-284) vulnerability in Dell Recoverpoint For Virtual Machines. Its CVSS base score is 6.6 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 14.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Enforces approved authorizations to prevent low-privileged users from executing the vulnerable binary and performing unauthorized administrative actions.
Applies least privilege to restrict low-privileged users from running binaries capable of administrative functions like server shutdown or configuration modification.
Remediates the improper access control flaw in the RecoverPoint binary through timely patching as provided in Dell's DSA-2025-101 advisory.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Improper access control enables low-priv local users to run an admin binary for command execution and privileged actions, directly mapping to exploitation for privilege escalation.
NVD Description
Dell RecoverPoint for Virtual Machines 6.0.X contains a command execution vulnerability. A Low privileged malicious user with local access could potentially exploit this vulnerability by running the specific binary and perform any administrative action permitted by it resulting in shutting…
more
down the server, modifying the configuration leading to gain access to unauthorized data.
Deeper analysisAI
CVE-2025-21105 is a command execution vulnerability in Dell RecoverPoint for Virtual Machines version 6.0.X. Published on 2025-02-20, it stems from improper access control (CWE-284) that enables execution of unauthorized commands through a specific binary. The vulnerability carries a CVSS v3.1 base score of 6.6 (AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L), indicating medium severity with local impact potential.
A low-privileged malicious user with local access can exploit the vulnerability by running the affected binary. This allows them to perform any administrative actions permitted by the binary, such as shutting down the server, modifying configurations, or gaining access to unauthorized data.
Dell has addressed this issue in security advisory DSA-2025-101, which provides updates for multiple component vulnerabilities in RecoverPoint for Virtual Machines. Practitioners should refer to the advisory at https://www.dell.com/support/kbdoc/en-us/000287503/dsa-2025-101-security-update-for-dell-recoverpoint-for-virtual-machines-multiple-component-vulnerabilities for patching details and mitigation guidance.
Details
- CWE(s)