CVE-2025-21104 MEDIUM

CVE-2025-21104

Vendor Dell

Product NetWorker

Weakness CWE-601 · Open redirect

Published March 13, 2025

Last update February 13, 2026

View on NVD All CVEs

CVSS base score

4.3/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction Required

Confidentiality Low

Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

Dell NetWorker, versions prior to 19.11.0.4 and version 19.12, contains an URL Redirection to Untrusted Site ('Open Redirect') Vulnerability in NetWorker Management Console. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to a targeted application user being redirected to arbitrary web URLs. The vulnerability could be leveraged by attackers to conduct phishing attacks that cause users to divulge sensitive information.

Key dates

02Disclosure timeline

March 13, 2025 CVE published

February 13, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-21104

Related vulnerabilities

Identifiers

CVE CVE-2025-21104

CWE CWE-601

CVSS 4.3 / MEDIUM

Affected versions

Vendor Dell

Product NetWorker

Affected ≥ N/A and < 19.11.0.4

Vendor Dell

Product NetWorker

Affected ≥ 19.12 and < 19.12.0.1

CVE-2025-21104

01Description

02Disclosure timeline

03References

04Related CVE