7.8

CVE-2025-26331

Dell ThinOS 2411 and prior, contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary code execution.

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
DellThinos Version <= 2411
   DellLatitude 3420 Version-
   DellLatitude 3440 Version-
   DellLatitude 5440 Version-
   DellLatitude 5450 Version-
   DellOptiplex 3000 Thin Client Version-
   DellOptiplex 5400 All-in-one Version-
   DellOptiplex 7410 All-in-one Version-
   DellOptiplex 7420 All-in-one Version-
   DellWyse 5070 Thin Client Version-
   DellWyse 5470 All-in-one Thin Client Version-
   DellWyse 5470 Mobile Thin Client Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.04% 0.12
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
security_alert@emc.com 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.