CVE-2025-46428
Published: 12 November 2025
Description
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Security Summary
CVE-2025-46428 is an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability, classified under CWE-77, in Dell SmartFabric OS10 Software versions prior to 10.6.1.0. Published on 2025-11-12, it carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), reflecting high severity due to its potential for significant impact across confidentiality, integrity, and availability.
A low-privileged attacker with remote access can exploit this vulnerability, requiring low complexity and no user interaction. Successful exploitation enables arbitrary code execution on the affected system.
Dell security advisory DSA-2025-407, detailed at https://www.dell.com/support/kbdoc/en-us/000391062/dsa-2025-407-security-update-for-dell-networking-os10-vulnerabilities, addresses this and related OS10 vulnerabilities with recommended security updates.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Command injection vulnerability in network device software enables exploitation of remote services (T1210), execution of arbitrary commands via network device CLI (T1059.008), and privilege escalation through RCE from low-privileged access (T1068).