ГлавнаяУязвимости → CVE-2025-26331
7.8высокая

CVE-2025-26331

Описание

Dell ThinOS 2411 and prior, contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary code execution.

Затрагиваемое ПО
Dell ThinosDell Latitude 3420Dell Latitude 3440Dell Latitude 5440Dell Latitude 5450Dell Optiplex 3000 thin clientDell Optiplex 5400 all-in-oneDell Optiplex 7410 all-in-oneDell Optiplex 7420 all-in-oneDell Wyse 5070 thin clientDell Wyse 5470 all-in-one thin clientDell Wyse 5470 mobile thin client
CVSS
Балл7.8 — высокая
ВекторCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Источники
https://www.dell.com/support/kbdoc/en-us/000289886/dsa-2025-107https://www.incibe.es/incibe-cert/alerta-temprana/vulnerabilidades/cve-2025-26331