CVE-2025-21103
Published: 17 February 2025
Description
Dell NetWorker Management Console, versions 19.11 through 19.11.0.3 and versions prior to 19.10.0.7, contains an improper neutralization of server-side vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability and run arbitrary code on the server.
Security Summary
CVE-2025-21103 is an improper neutralization of server-side vulnerability (CWE-97) affecting Dell NetWorker Management Console in versions 19.11 through 19.11.0.3 and all versions prior to 19.10.0.7. This flaw enables an unauthenticated attacker with local access to potentially execute arbitrary code on the server. The vulnerability received a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H): local attack vector, low attack complexity, no privileges required, user interaction required, unchanged scope, and high impact on confidentiality, integrity, and availability.
An unauthenticated attacker who gains local access to the affected system can exploit this vulnerability to execute arbitrary code on the server. The attack requires the victim to interact in some way, such as opening a malicious file or interface element, but the attacker needs neither authentication nor elevated privileges.
Dell has published DSA-2025-095, a security advisory with details on mitigation available at https://www.dell.com/support/kbdoc/en-us/000286268/dsa-2025-095-security-update-for-dell-networker-management-console-vulnerability. Security practitioners should consult this advisory for patching instructions and apply updates to remediate the issue.
Details
- CWE(s)