CVE-2025-21104

4.3 MEDIUM

📋 TL;DR

Dell NetWorker Management Console versions prior to 19.11.0.4 and version 19.12 contain an open redirect vulnerability that allows unauthenticated attackers to redirect users to malicious websites. This could enable phishing attacks to steal sensitive information. All users running affected versions are vulnerable.

💻 Affected Systems

Products:
  • Dell NetWorker Management Console
Versions: All versions prior to 19.11.0.4 and version 19.12
Operating Systems: All supported OS for Dell NetWorker
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in the web interface component of NetWorker Management Console.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Successful phishing campaign leading to credential theft, financial loss, or malware installation on user systems.

🟠 Likely Case

Phishing attacks tricking users into revealing credentials or sensitive information via fake login pages.

🟢 If Mitigated

Limited impact with proper user awareness training and network segmentation preventing external access.

🌐 Internet-Facing: HIGH - Unauthenticated remote access allows external attackers to exploit this vulnerability.
🏢 Internal Only: MEDIUM - Internal attackers could still exploit for phishing but with more limited scope.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Open redirect vulnerabilities typically require minimal technical skill to exploit once the vulnerable endpoint is identified.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 19.11.0.4 or later (excluding 19.12)

Vendor Advisory: https://www.dell.com/support/kbdoc/en-us/000294392/dsa-2025-124-security-update-for-dell-networker-management-console-for-http-host-header-injection-vulnerability

Restart Required: Yes

Instructions:

1. Download patch from Dell support portal.
2. Backup current configuration.
3. Apply patch following Dell documentation.
4. Restart NetWorker services.
5. Verify successful update.

🔧 Temporary Workarounds

Network Access Restriction (all)

Restrict access to NetWorker Management Console to trusted IP addresses only

Web Application Firewall Rules (all)

Configure WAF to block open redirect patterns and suspicious URL parameters

🧯 If You Can't Patch

  • Isolate NetWorker Management Console to internal network only
  • Implement strict user awareness training about phishing risks

🔍 How to Verify

Check if Vulnerable:

Check NetWorker version via Management Console interface or command line

Check Version:

nsrwatch -V (on NetWorker server)

Verify Fix Applied:

Verify version is 19.11.0.4 or later (not 19.12) and test redirect functionality

📡 Detection & Monitoring

Log Indicators:

  • Unusual redirect patterns in web server logs
  • Multiple failed authentication attempts following redirects

Network Indicators:

  • HTTP requests with suspicious redirect parameters to NetWorker console

SIEM Query:

source="networker_console" AND (url="*redirect=*" OR url="*url=*" OR url="*return=*")
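
The SIEM query above matches every request that carries one of those parameters, including redirects that stay on the console itself. The following Python is an added example, not code from Dell or from this page: it applies the same three parameter names to access-log lines and reports only values that resolve to a host outside an allowlist. The trusted hostname, the common-log-format layout, and the request paths in the sample lines are assumptions constructed for illustration and are not the product's real endpoints.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Parameter names taken from the SIEM query above.
REDIRECT_PARAMS = {"redirect", "url", "return"}
# Assumption: hostnames under which the console is legitimately reached.
TRUSTED_HOSTS = {"nmc.example.internal"}
# Request line of a common/combined-format access log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def external_target(value):
    """Return the off-site host a redirect value points to, or None."""
    # Undo double encoding and the backslash form browsers treat as "/".
    value = unquote(value).strip().replace("\\", "/")
    try:
        # Covers absolute (scheme://host) and scheme-relative (//host) values.
        host = urlsplit(value).hostname
    except ValueError:
        return None
    if host and host.lower() not in TRUSTED_HOSTS:
        return host.lower()
    return None

def suspicious_redirects(log_lines):
    """Yield (line_number, parameter, host) for off-site redirect targets."""
    for n, line in enumerate(log_lines, 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        query = urlsplit(m.group(1)).query
        for name, value in parse_qsl(query, keep_blank_values=True):
            if name.lower() in REDIRECT_PARAMS:
                host = external_target(value)
                if host:
                    yield n, name, host

# Constructed sample log lines (hypothetical paths, documentation addresses).
SAMPLE = [
    '10.0.0.5 - - [12/May/2025:10:01:02 +0000] "GET /console/login?return=%2Fconsole%2Fhome HTTP/1.1" 302 0',
    '203.0.113.7 - - [12/May/2025:10:02:10 +0000] "GET /console/login?return=https%3A%2F%2Flogin.example.net%2Fnmc HTTP/1.1" 302 0',
    '10.0.0.8 - - [12/May/2025:10:03:44 +0000] "GET /console/go?url=https://nmc.example.internal/reports HTTP/1.1" 302 0',
    '203.0.113.7 - - [12/May/2025:10:04:01 +0000] "GET /console/go?redirect=%2F%2Fcdn.example.org%2Fa HTTP/1.1" 302 0',
]

if __name__ == "__main__":
    for hit in suspicious_redirects(SAMPLE):
        print(hit)
```

Relative targets and targets on the allowlisted host are ignored, which removes most of the noise the plain wildcard query produces.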
