CVE-2025-26331

Published Mar 7, 2025

Last updated 2 months ago

CVSS high 7.8

Overview

Description: Dell ThinOS 2411 and prior, contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary code execution.
Source: security_alert@emc.com
NVD status: Analyzed
Products: thinos

Risk scores

CVSS 3.1

Type: Secondary
Base score: 7.8
Impact score: 5.9
Exploitability score: 1.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

Weaknesses

security_alert@emc.com: CWE-77

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:dell:thinos:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6424032C-A6D9-4048-A769-873DEAE35BFA",
            "versionEndIncluding": "2411"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:dell:latitude_3420:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "7FB6E60F-F100-42BF-BC38-A38620EF8D2C"
          },
          {
            "criteria": "cpe:2.3:h:dell:latitude_3440:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "31C78A9B-65B4-4213-9A96-4E57CFA5B195"
          },
          {
            "criteria": "cpe:2.3:h:dell:latitude_5440:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "84EC8EA3-A91D-4D3B-B1A5-D650A526CAAE"
          },
          {
            "criteria": "cpe:2.3:h:dell:latitude_5450:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "3DAF60D4-BDA2-43ED-802D-CE3ACB548693"
          },
          {
            "criteria": "cpe:2.3:h:dell:optiplex_3000_thin_client:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "1C4B0B6B-7740-46D0-9FE0-3AFF8D9B4DDA"
          },
          {
            "criteria": "cpe:2.3:h:dell:optiplex_5400_all-in-one:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "D08E685B-A29C-482E-989C-083B83E7C5CE"
          },
          {
            "criteria": "cpe:2.3:h:dell:optiplex_7410_all-in-one:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "802CD46E-86A4-4C9A-92DF-3297950D64B3"
          },
          {
            "criteria": "cpe:2.3:h:dell:optiplex_7420_all-in-one:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "E03807D5-B923-4CA3-A53E-C616846C9C6B"
          },
          {
            "criteria": "cpe:2.3:h:dell:wyse_5070_thin_client:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "C1664E2E-057D-4A8F-B8FC-73EC25D48DBC"
          },
          {
            "criteria": "cpe:2.3:h:dell:wyse_5470_all-in-one_thin_client:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "3929B7A4-D181-4258-8722-57A751DB4CCC"
          },
          {
            "criteria": "cpe:2.3:h:dell:wyse_5470_mobile_thin_client:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "1D9B6263-FF2F-428D-971B-48029951E62B"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References