CVE-2025-46427
Published: 12 November 2025
Description
Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.
Security Summary
CVE-2025-46427 is an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability, classified under CWE-77, affecting Dell SmartFabric OS10 Software in versions prior to 10.6.1.0. Published on 2025-11-12, it allows special elements in commands to be inadequately sanitized, enabling malicious input to alter command execution.
A low-privileged attacker with remote access can exploit this vulnerability over the network with low complexity and no user interaction required. Successful exploitation leads to command execution on the affected system, granting high confidentiality, integrity, and availability impacts as reflected in its CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
Dell's security advisory DSA-2025-407 details a security update addressing this and other Dell Networking OS10 vulnerabilities. Practitioners should consult the advisory at https://www.dell.com/support/kbdoc/en-us/000391062/dsa-2025-407-security-update-for-dell-networking-os10-vulnerabilities for patch deployment and mitigation guidance.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Command injection vulnerability directly enables arbitrary command execution via Network Device CLI (T1059.008) and exploitation of the remote management service (T1210).