8.4
CVE-2025-43730
- EPSS 0.06%
- Veröffentlicht 27.08.2025 13:57:39
- Zuletzt bearbeitet 15.01.2026 14:59:32
- Quelle security_alert@emc.com
- CVE-Watchlists
- Unerledigt
LoginDell ThinOS 10, versions prior to 2508_10.0127, contains an Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability. A local unauthenticated user could potentially exploit this vulnerability leading to Elevation of Privileges and Information disclosure.Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Dell ≫ Thinos Version < 2508
Dell ≫ Latitude 3330 Version-
Dell ≫ Latitude 3420 Version-
Dell ≫ Latitude 3440 Version-
Dell ≫ Latitude 3450 Version-
Dell ≫ Latitude 5440 Version-
Dell ≫ Latitude 5450 Version-
Dell ≫ Latitude 5520 Version-
Dell ≫ Latitude 5530 Version-
Dell ≫ Latitude 5540 Version-
Dell ≫ Latitude 5550 Version-
Dell ≫ Optiplex 3000 Tc Version-
Dell ≫ Optiplex 5400 All-in-one Version-
Dell ≫ Optiplex 7020 Version-
Dell ≫ Optiplex All-in-one 7410 Version-
Dell ≫ Optiplex All-in-one 7420 Version-
Dell ≫ Optiplex Micro Plus 7010 Version-
Dell ≫ Precision 3260 Compact Version-
Dell ≫ Precision 3280 Version-
Dell ≫ Pro 14 Pc14250 Version-
Dell ≫ Pro 16 Pc16250 Version-
Dell ≫ Pro 16 Plus Pb16250 Version-
Dell ≫ Pro 24 All-in-one Version-
Dell ≫ Pro Max 14 Version-
Dell ≫ Pro Max 16 Plus Version-
Dell ≫ Pro Rugged 13 Ra13250 Version-
Dell ≫ Pro Rugged 14 Rb14250 Version-
Dell ≫ Pro Slim Low Sff Version-
Dell ≫ Pro Tower Qct1250 Version-
Dell ≫ Wyse 5070 Extended Thin Client Version-
Dell ≫ Wyse 5070 Thin Client Version-
Dell ≫ Wyse 5470 All-in-one Thin Client Version-
Dell ≫ Wyse 5470 Mtc Version-
Dell ≫ Latitude 3420 Version-
Dell ≫ Latitude 3440 Version-
Dell ≫ Latitude 3450 Version-
Dell ≫ Latitude 5440 Version-
Dell ≫ Latitude 5450 Version-
Dell ≫ Latitude 5520 Version-
Dell ≫ Latitude 5530 Version-
Dell ≫ Latitude 5540 Version-
Dell ≫ Latitude 5550 Version-
Dell ≫ Optiplex 3000 Tc Version-
Dell ≫ Optiplex 5400 All-in-one Version-
Dell ≫ Optiplex 7020 Version-
Dell ≫ Optiplex All-in-one 7410 Version-
Dell ≫ Optiplex All-in-one 7420 Version-
Dell ≫ Optiplex Micro Plus 7010 Version-
Dell ≫ Precision 3260 Compact Version-
Dell ≫ Precision 3280 Version-
Dell ≫ Pro 14 Pc14250 Version-
Dell ≫ Pro 16 Pc16250 Version-
Dell ≫ Pro 16 Plus Pb16250 Version-
Dell ≫ Pro 24 All-in-one Version-
Dell ≫ Pro Max 14 Version-
Dell ≫ Pro Max 16 Plus Version-
Dell ≫ Pro Rugged 13 Ra13250 Version-
Dell ≫ Pro Rugged 14 Rb14250 Version-
Dell ≫ Pro Slim Low Sff Version-
Dell ≫ Pro Tower Qct1250 Version-
Dell ≫ Wyse 5070 Extended Thin Client Version-
Dell ≫ Wyse 5070 Thin Client Version-
Dell ≫ Wyse 5470 All-in-one Thin Client Version-
Dell ≫ Wyse 5470 Mtc Version-
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.06% | 0.197 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| security_alert@emc.com | 8.4 | 2.5 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-88 Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
The product constructs a string for a command to be executed by a separate component in another control sphere, but it does not properly delimit the intended arguments, options, or switches within that command string.