Cyber Posture

CVE-2025-21103

High

Published: 17 February 2025

Published
17 February 2025
Modified
06 December 2025
KEV Added
Patch
CVSS Score 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score 0.0007 21.6th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-21103 is a high-severity Improper Neutralization of Server-Side Includes (SSI) Within a Web Page (CWE-97) vulnerability in Dell Networker. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203); ranked at the 21.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 PE-3 (Physical Access Control) and SI-10 (Information Input Validation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Client Execution (T1203) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match
prevent

Directly remediates the improper neutralization vulnerability by applying vendor patches as specified in Dell DSA-2025-095.

SI-10 Information Input Validation good match
prevent

Requires validation of information inputs to the system, directly countering the improper neutralization of server-side special elements (CWE-97) that enables arbitrary code execution.

PE-3 Physical Access Control good match
prevent

Limits physical access to the affected system, preventing unauthenticated attackers from gaining the local access (AV:L) required to exploit the vulnerability.

MITRE ATT&CK Enterprise TechniquesAI

T1203 Exploitation for Client Execution Execution
Adversaries may exploit software vulnerabilities in client applications to execute code.
attack.mitre.org →
T1059 Command and Scripting Interpreter Execution
Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries.
attack.mitre.org →
Why these techniques?

Local unauthenticated code execution via improper server-side neutralization directly maps to client-side exploitation and arbitrary command execution.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

NVD Description

Dell NetWorker Management Console, version(s) 19.11 through 19.11.0.3 & Versions prior to 19.10.0.7 contain(s) an improper neutralization of server-side vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability and run arbitrary code on the server.

Deeper analysisAI

CVE-2025-21103 is an improper neutralization of server-side vulnerability (CWE-97) affecting Dell NetWorker Management Console in versions 19.11 through 19.11.0.3 and all versions prior to 19.10.0.7. This flaw enables an unauthenticated attacker with local access to potentially execute arbitrary code on the server. The vulnerability received a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), indicating high impact with local access, low complexity, no privileges required, and user interaction needed.

An unauthenticated attacker who gains local access to the affected system can exploit this vulnerability to achieve remote code execution. The attack requires the victim to interact in some way, such as opening a malicious file or interface element, but no authentication or elevated privileges are necessary on the part of the attacker.

Dell has published DSA-2025-095, a security advisory with details on mitigation available at https://www.dell.com/support/kbdoc/en-us/000286268/dsa-2025-095-security-update-for-dell-networker-management-console-vulnerability. Security practitioners should consult this advisory for patching instructions and apply updates to remediate the issue.

Details

CWE(s)
CWE-97

Affected Products

dell
networker
≤ 19.10.0.7 · 19.11 — 19.11.0.3

CVEs Like This One

CVE-2025-36604Same vendor: Dell
CVE-2025-30479Same vendor: Dell
CVE-2026-26354Same vendor: Dell
CVE-2025-24377Same vendor: Dell
CVE-2025-36588Same vendor: Dell
CVE-2026-25907Same vendor: Dell
CVE-2025-24386Same vendor: Dell
CVE-2026-32655Same vendor: Dell
CVE-2026-27102Same vendor: Dell
CVE-2026-26944Same vendor: Dell

References