CVE-2025-45378

Medienbericht

EPSS 0.08%
Veröffentlicht 05.11.2025 16:23:15
Zuletzt bearbeitet 07.11.2025 17:52:11
Quelle security_alert@emc.com
CVE-Watchlists
Login
Unerledigt
Login

Dell CloudLink, versions 8.0 through 8.1.2, contain vulnerability on restricted shell. A Privileged user with known password can break into command shell of CloudLink server and gain access of shell and escalate privilege, gain unauthorized access of system.

If ssh is enabled with web credentials of server, attack is possible through network with known privileged user/password.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Dell ≫ Cloudlink Version >= 8.0 <= 8.1.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.08%	0.233

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.1	2.3	6	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
security_alert@emc.com	9.1	2.3	6	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

https://www.heise.de/news/Unbefugte-Zugriffe-auf-Dell-CloudLink-und-Command-Monitor-moeglich-11067491.html

Medienbericht

heise Security

https://www.dell.com/support/kbdoc/en-us/000384363/dsa-2025-374-security-update-for-dell-cloudlink-multiple-security-vulnerabilities

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-45378

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-45378

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-45378

EUVD