CVE-2025-22473
Published: 17 March 2025
Description
Adversaries may abuse Unix shell commands and scripts for execution.
Security Summary
CVE-2025-22473 is a command injection vulnerability (CWE-77), classified as Improper Neutralization of Special Elements used in a Command, affecting Dell SmartFabric OS10 Software in versions 10.5.4.x, 10.5.5.x, 10.5.6.x, and 10.6.0.x. Published on 2025-03-17, it carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high confidentiality, integrity, and availability impacts from a local, low-privilege attack with low complexity and no user interaction required.
A low-privileged attacker with local access to the affected system can exploit this vulnerability to execute arbitrary code, potentially gaining escalated control over the device.
Dell has issued multiple security advisories addressing this and related OS10 vulnerabilities, including DSA-2025-070 (KB000289970), DSA-2025-069 (KB000293638), DSA-2025-079 (KB000294091), and DSA-2025-068 (KB000295014). These documents detail security updates and patches; administrators should review them for specific mitigation guidance and apply the recommended fixes promptly.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Local command injection (CWE-77) allows low-privileged attackers to execute arbitrary code on Dell OS10, directly enabling T1068 for privilege escalation and T1059.004 for Unix Shell command execution.