CVE-2025-36582:CVE-2025-36582 is a vulnerability in Dell NetWorker (versions 19.12.0.1 and prior) that allows unauthenticated remote attackers to exploit a selection of less-secure algorithms during negotiation, potentially leading to information disclosure.

splash
Back

Description Preview

Dell NetWorker, a data protection and recovery software, contains a vulnerability identified as CVE-2025-36582. This vulnerability arises from the use of less-secure algorithms during the negotiation process, which can be exploited by an unauthenticated attacker with remote access. The attack could lead to information disclosure, as the attacker may gain access to sensitive data. The vulnerability has a CVSS base score of 4.8, categorized as medium severity, indicating a moderate risk to affected systems. The attack complexity is high, requiring specific conditions to be met for successful exploitation.

Overview

  • CVE ID: CVE-2025-36582
  • Affected Software: Dell NetWorker (versions 19.12.0.1 and prior)
  • Vulnerability Type: Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')
  • Impact: Information disclosure
  • Attack Vector: Network
  • Privileges Required: None
  • User Interaction: None
  • CVSS Score: 4.8 (Medium)
  • Confidentiality Impact: Low
  • Integrity Impact: Low
  • Availability Impact: None

Remediation

To mitigate the risks associated with CVE-2025-36582, users of Dell NetWorker should:

  1. Upgrade to the latest version of Dell NetWorker that addresses this vulnerability.
  2. Review and apply any security patches provided by Dell as part of their security updates.
  3. Implement network security measures to limit remote access to the affected systems.
  4. Regularly monitor security advisories from Dell for updates and further guidance.

References

Industry ExposureMost to least
This section illustrates the prevalence of a specific Common Vulnerabilities and Exposures (CVE) across various industries based on customer reports. The ranking displays industries from the most to least affected by this particular vulnerability, offering valuable insight into where this CVE has been most frequently observed. This information can help organizations within these sectors prioritize their security efforts, understand their relative risk exposure compared to their peers, and focus remediation strategies where they are most needed. By understanding the industry-specific impact, organizations can make more informed decisions regarding patching, resource allocation, and overall risk management related to this CVE.

  1. Manufacturing: Low
    Manufacturing
  2. Health Care & Social Assistance: Low
    Health Care & Social Assistance
  3. Finance and Insurance: Low
    Finance and Insurance
  4. Other Services (except Public Administration): Low
    Other Services (except Public Administration)
  5. Professional, Scientific, & Technical Services: Low
    Professional, Scientific, & Technical Services
  6. Retail Trade: Low
    Retail Trade
  7. Accommodation & Food Services: Low
    Accommodation & Food Services
  8. Administrative, Support, Waste Management & Remediation Services: Low
    Administrative, Support, Waste Management & Remediation Services
  9. Agriculture, Forestry Fishing & Hunting: Low
    Agriculture, Forestry Fishing & Hunting
  10. Arts, Entertainment & Recreation: Low
    Arts, Entertainment & Recreation
  11. Construction: Low
    Construction
  12. Educational Services: Low
    Educational Services
  13. Information: Low
    Information
  14. Management of Companies & Enterprises: Low
    Management of Companies & Enterprises
  15. Mining: Low
    Mining
  16. Public Administration: Low
    Public Administration
  17. Real Estate Rental & Leasing: Low
    Real Estate Rental & Leasing
  18. Transportation & Warehousing: Low
    Transportation & Warehousing
  19. Utilities: Low
    Utilities
  20. Wholesale Trade: Low
    Wholesale Trade

Focus on What Matters

  1. See Everything.
  2. Identify True Risk.
  3. Proactively Mitigate Threats.

Let's talk!

background