CVE-2025-36582
CVE-2025-36582 is a medium-severity vulnerability in Dell Networker with a CVSS 3.x base score of 4.8. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-757.
Key facts
- Severity: Medium (CVSS 3.x base score 4.8)
- EPSS exploit prediction: 0% (12th percentile)
- Actively exploited: Not listed in CISA KEV
- EU (EUVD) id: EUVD-2025-19626
- Weakness: CWE-757
- Affected product: Dell Networker
- Published:
- Last modified:
Description
Dell NetWorker, versions 19.12.0.1 and prior, contains a Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure.
Frequently asked questions
- What is CVE-2025-36582?
- Dell NetWorker, versions 19.12.0.1 and prior, contains a Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure.
- How severe is CVE-2025-36582?
- CVE-2025-36582 has a CVSS 3.x base score of 4.8, rated medium severity. It is exploitable over network with high attack complexity, requires no privileges and no user interaction. Impact on confidentiality is low, integrity low, and availability none.
- Is CVE-2025-36582 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 0% (12th percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2025-36582?
- CVE-2025-36582 affects Dell Networker. See the affected-products list for the exact vulnerable versions.
- How do I fix CVE-2025-36582?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- Does CVE-2025-36582 have an EU (EUVD) identifier?
- Yes. CVE-2025-36582 is tracked in the ENISA EU Vulnerability Database (EUVD) as EUVD-2025-19626.
- When was CVE-2025-36582 published?
- CVE-2025-36582 was published on 2025-07-01 and last updated on 2026-06-17.
References
Affected products (1)
- cpe:2.3:a:dell:networker:*:*:*:*:*:*:*:*
More vulnerabilities in Dell Networker
- CVE-2023-28055 — High (CVSS 8.8): Dell NetWorker, Version 19.7 has an improper authorization vulnerability in the NetWorker client. An unauthenticated…
- CVE-2023-25539 — High (CVSS 8.4): Dell NetWorker 19.6.1.2, contains an OS command injection Vulnerability in the NetWorker client. A remote…
- CVE-2024-42422 — High (CVSS 8.3): Dell NetWorker, version(s) 19.10, contain(s) an Authorization Bypass Through User-Controlled Key vulnerability. An…
- CVE-2025-21103 — High (CVSS 7.8): Dell NetWorker Management Console, version(s) 19.11 through 19.11.0.3 & Versions prior to 19.10.0.7 contain(s) an…
- CVE-2025-21107 — High (CVSS 7.8): Dell NetWorker, version(s) prior to 19.11.0.3, all versions of 19.10 & prior versions contain(s) an Unquoted Search…
- CVE-2024-22432 — High (CVSS 7.8): Networker 19.9 and all prior versions contains a Plain-text Password stored in temporary config file during backup…
All CVEs affecting Dell Networker →
Other CWE-757 vulnerabilities
- CVE-2024-4995 — Critical (CVSS 9.8): Wapro ERP Desktop is vulnerable to MS SQL protocol downgrade request from a server side, what could lead to an…
- CVE-2024-38883 — Critical (CVSS 9.1): An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions,…
- CVE-2019-14887 — Critical (CVSS 9.1): A flaw was found when an OpenSSL security provider is used with Wildfly, the 'enabled-protocols' value in the Wildfly…
- CVE-2024-8773 — High (CVSS 8.3): SIMPLE.ERP client is vulnerable to MS SQL protocol downgrade request from a server side, what could lead to an…
- CVE-2018-25029 — High (CVSS 8.1): The Z-Wave specification requires that S2 security can be downgraded to S0 or other less secure protocols, allowing an…
- CVE-2025-10693 — High (CVSS 7.6): When SmartStart Inclusion fails during the onboarding of a Z-Wave PIR sensor, the sensor will join the network as a…