{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-21T06:22:21.319","vulnerabilities":[{"cve":{"id":"CVE-2025-21104","sourceIdentifier":"security_alert@emc.com","published":"2025-03-13T12:15:12.510","lastModified":"2026-02-13T20:16:15.527","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Dell NetWorker, versions prior to 19.11.0.4 and version 19.12, contains an URL Redirection to Untrusted Site ('Open Redirect') Vulnerability in NetWorker Management Console. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to a targeted application user being redirected to arbitrary web URLs. The vulnerability could be leveraged by attackers to conduct phishing attacks that cause users to divulge sensitive information."},{"lang":"es","value":"Dell NetWorker, versión 19.11.0.3 y anteriores, contiene una vulnerabilidad de redirección abierta en NMC. Un atacante no autenticado con acceso remoto podría explotar esta vulnerabilidad, lo que provocaría que el usuario de la aplicación objetivo fuera redirigido a URLs web arbitrarias. Los atacantes podrían aprovechar esta vulnerabilidad para realizar ataques de phishing que inciten a los usuarios a divulgar información confidencial."}],"metrics":{"cvssMetricV31":[{"source":"security_alert@emc.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"security_alert@emc.com","type":"Secondary","description":[{"lang":"en","value":"CWE-601"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:dell:networker:*:*:*:*:*:*:*:*","versionEndExcluding":"19.11.0.4","matchCriteriaId":"DE7075C1-AFD8-4483-BD39-6610B6887389"},{"vulnerable":true,"criteria":"cpe:2.3:a:dell:networker:19.12:*:*:*:*:*:*:*","matchCriteriaId":"2BAD3A8C-4B39-47DD-A622-F451C0772E59"}]}]}],"references":[{"url":"https://www.dell.com/support/kbdoc/en-us/000294392/dsa-2025-124-security-update-for-dell-networker-management-console-for-http-host-header-injection-vulnerability","source":"security_alert@emc.com","tags":["Vendor Advisory"]}]}}]}