CVE-2025-21103

Published: Feb 17, 2025Modified: Dec 6, 2025

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: security_alert@emc.com (Secondary)

Description

Dell NetWorker Management Console, version(s) 19.11 through 19.11.0.3 & Versions prior to 19.10.0.7 contain(s) an improper neutralization of server-side vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability and run arbitrary code on the server.

Affected (2)

Products: Dell: Networker

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Dell Networker	Before 19.10.0.7
Dell Networker	From 19.11 to 19.11.0.3

Related CWEs

Improper Neutralization of Server-Side Includes (SSI) Within a Web Page

The product generates a web page, but does not neutralize or incorrectly neutralizes user-controllable input that could be interpreted as a server-side include (SSI) directive.

References (1)

https://www.dell.com/support/kbdoc/en-us/000286268/dsa-2025-095-security-update-for-dell-networker-management-console-vulnerability

Source: security_alert@emc.com

Vendor Advisory

Timeline

No history available yet.