CVE-2025-21107
Description
Dell NetWorker, version(s) prior to 19.11.0.3, all versions of 19.10 & prior versions contain(s) an Unquoted Search Path or Element vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A local low-privileged attacker can exploit an unquoted search path in Dell NetWorker to execute arbitrary code.
Vulnerability
An unquoted search path vulnerability exists in Dell NetWorker versions prior to 19.11.0.3, and all versions of 19.10 and earlier [1]. The vulnerability occurs when a service or executable uses an unquoted path containing spaces, allowing a locally authenticated attacker to insert a malicious executable that will be executed with elevated privileges [1].
Exploitation
An attacker with low-privileged local access can exploit this vulnerability by placing a crafted executable in a directory that will be searched due to the unquoted path [1]. No user interaction is required beyond the initial placement of the malicious file [1].
Impact
Successful exploitation allows the attacker to execute arbitrary code with the privileges of the affected service, which may be SYSTEM or another high-integrity account [1]. This results in complete compromise of confidentiality, integrity, and availability [1].
Mitigation
Dell has released NetWorker version 19.11.0.3 to address this vulnerability [1]. Users should upgrade to this version or later. No workarounds are provided in the advisory [1].
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Range: <19.11.0.3 (for 19.11.x) and all 19.10 and prior
- Range: 19.11
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.