Dell NetWorker Unquoted Search Path Vulnerability (<=19.11.0.3)
CVE-2025-21107 Published on January 30, 2025
Dell NetWorker, version(s) prior to 19.11.0.3, all versions of 19.10 & prior versions contain(s) an Unquoted Search Path or Element vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution.
Vulnerability Analysis
CVE-2025-21107 can be exploited with local system access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.
Weakness Type
Unquoted Search Path or Element
The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path. If a malicious individual has access to the file system, it is possible to elevate privileges by inserting such a file as "C:\Program.exe" to be run by a privileged program making use of WinExec.
Products Associated with CVE-2025-21107
Want to know whenever a new CVE is published for Dell Networker? stack.watch will email you.
Affected Versions
Dell NetWorker:- Version 19.11, <= 19.11.0.2 is affected.
- Version 19.10, <= 19.10.0.6 is affected.
- Before 19.10 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.