CVE-2025-45379
Published: 05 November 2025
Description
Adversaries may abuse Unix shell commands and scripts for execution.
Security Summary
CVE-2025-45379 is a command injection vulnerability (CWE-78) in Dell CloudLink versions prior to 8.2. The flaw allows a privileged user with a known password to execute arbitrary commands via the console, enabling shell access to the underlying system. It carries a CVSS v3.1 base score of 8.4 (AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H), indicating high severity due to its potential for significant impact across confidentiality, integrity, and availability.
Exploitation requires adjacent network access (AV:A) and possession of a privileged user's known password, with low attack complexity and no user interaction needed. A successful attack grants shell access with elevated privileges, allowing full system compromise through the changed scope (S:C), resulting in high-impact effects on the targeted system.
Dell has released a security update addressing this and other vulnerabilities in CloudLink, as detailed in DSA-2025-374. Practitioners should consult the advisory at https://www.dell.com/support/kbdoc/en-us/000384363/dsa-2025-374-security-update-for-dell-cloudlink-multiple-security-vulnerabilities and upgrade affected systems to version 8.2 or later for mitigation.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Command injection vulnerability in Dell CloudLink console enables exploitation of a remote service (T1210) to execute arbitrary commands and gain Unix shell access (T1059.004).