cvelistv5 - CVE-2025-43730

CVE-2025-43730 (GCVE-0-2025-43730)

Vulnerability from cvelistv5 – Published: 2025-08-27 13:57 – Updated: 2025-08-28 03:55

Summary

Dell ThinOS 10, versions prior to 2508_10.0127, contains an Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability. A local unauthenticated user could potentially exploit this vulnerability leading to Elevation of Privileges and Information disclosure.

Severity ?

8.4 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-88 - Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

Assigner

dell

References

URL

Tags

https://www.dell.com/support/kbdoc/en-us/00035961…

vendor-advisory

Impacted products

	Vendor	Product	Version
	Dell	ThinOS 10	Affected: N/A , < 2508_10.0127 (semver)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-43730",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-27T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-28T03:55:24.667Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "ThinOS 10",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2508_10.0127",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2025-08-26T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Dell ThinOS 10, versions prior to 2508_10.0127, contains an Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027) vulnerability. A local unauthenticated user could potentially exploit this vulnerability leading to Elevation of Privileges and Information disclosure."
            }
          ],
          "value": "Dell ThinOS 10, versions prior to 2508_10.0127, contains an Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027) vulnerability. A local unauthenticated user could potentially exploit this vulnerability leading to Elevation of Privileges and Information disclosure."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-88",
              "description": "CWE-88: Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-27T13:57:39.797Z",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.dell.com/support/kbdoc/en-us/000359619/dsa-2025-331"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2025-43730",
    "datePublished": "2025-08-27T13:57:39.797Z",
    "dateReserved": "2025-04-17T05:03:55.667Z",
    "dateUpdated": "2025-08-28T03:55:24.667Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-43730\",\"sourceIdentifier\":\"security_alert@emc.com\",\"published\":\"2025-08-27T14:15:51.120\",\"lastModified\":\"2025-08-29T16:24:09.860\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Dell ThinOS 10, versions prior to 2508_10.0127, contains an Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027) vulnerability. A local unauthenticated user could potentially exploit this vulnerability leading to Elevation of Privileges and Information disclosure.\"},{\"lang\":\"es\",\"value\":\"Dell ThinOS 10, versiones anteriores a la 2508_10.0127, contiene una vulnerabilidad de neutralizaci\u00f3n incorrecta de delimitadores de argumentos en un comando (inyecci\u00f3n de argumentos). Un usuario local no autenticado podr\u00eda explotar esta vulnerabilidad, lo que podr\u00eda provocar la elevaci\u00f3n de privilegios y la divulgaci\u00f3n de informaci\u00f3n.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security_alert@emc.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.4,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.5,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"security_alert@emc.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-88\"}]}],\"references\":[{\"url\":\"https://www.dell.com/support/kbdoc/en-us/000359619/dsa-2025-331\",\"source\":\"security_alert@emc.com\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-43730\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-08-27T14:09:15.309626Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-08-27T14:09:19.402Z\"}}], \"cna\": {\"source\": {\"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 8.4, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Dell\", \"product\": \"ThinOS 10\", \"versions\": [{\"status\": \"affected\", \"version\": \"N/A\", \"lessThan\": \"2508_10.0127\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}], \"datePublic\": \"2025-08-26T17:00:00.000Z\", \"references\": [{\"url\": \"https://www.dell.com/support/kbdoc/en-us/000359619/dsa-2025-331\", \"tags\": [\"vendor-advisory\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Dell ThinOS 10, versions prior to 2508_10.0127, contains an Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027) vulnerability. A local unauthenticated user could potentially exploit this vulnerability leading to Elevation of Privileges and Information disclosure.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Dell ThinOS 10, versions prior to 2508_10.0127, contains an Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027) vulnerability. A local unauthenticated user could potentially exploit this vulnerability leading to Elevation of Privileges and Information disclosure.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-88\", \"description\": \"CWE-88: Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"c550e75a-17ff-4988-97f0-544cde3820fe\", \"shortName\": \"dell\", \"dateUpdated\": \"2025-08-27T13:57:39.797Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-43730\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-08-28T03:55:24.667Z\", \"dateReserved\": \"2025-04-17T05:03:55.667Z\", \"assignerOrgId\": \"c550e75a-17ff-4988-97f0-544cde3820fe\", \"datePublished\": \"2025-08-27T13:57:39.797Z\", \"assignerShortName\": \"dell\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

CNVD-2025-20857

Vulnerability from cnvd - Published: 2025-09-08

Title

DELL ThinOS 10参数注入漏洞

Description

DELL ThinOS 10是戴尔推出的新一代瘦客户端操作系统，专为虚拟桌面基础设施（VDI）设计，旨在提升安全性、效率和用户体验。 DELL ThinOS 10存在参数注入漏洞，该漏洞源于参数分隔符中和不当，攻击者可利用该漏洞导致权限提升和信息泄露。

Severity

高

Patch Name

DELL ThinOS 10参数注入漏洞的补丁

Patch Description

DELL ThinOS 10是戴尔推出的新一代瘦客户端操作系统，专为虚拟桌面基础设施（VDI）设计，旨在提升安全性、效率和用户体验。 DELL ThinOS 10存在参数注入漏洞，该漏洞源于参数分隔符中和不当，攻击者可利用该漏洞导致权限提升和信息泄露。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已发布升级程序修复该安全问题，详情见厂商官网： https://www.dell.com/support/kbdoc/en-us/000359619/dsa-2025-331

Reference

https://nvd.nist.gov/vuln/detail/CVE-2025-43730

Impacted products

Name
DELL ThinOS 10 <2508_10.0127

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2025-43730",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2025-43730"
    }
  },
  "description": "DELL ThinOS 10\u662f\u6234\u5c14\u63a8\u51fa\u7684\u65b0\u4e00\u4ee3\u7626\u5ba2\u6237\u7aef\u64cd\u4f5c\u7cfb\u7edf\uff0c\u4e13\u4e3a\u865a\u62df\u684c\u9762\u57fa\u7840\u8bbe\u65bd\uff08VDI\uff09\u8bbe\u8ba1\uff0c\u65e8\u5728\u63d0\u5347\u5b89\u5168\u6027\u3001\u6548\u7387\u548c\u7528\u6237\u4f53\u9a8c\u3002\n\nDELL ThinOS 10\u5b58\u5728\u53c2\u6570\u6ce8\u5165\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u53c2\u6570\u5206\u9694\u7b26\u4e2d\u548c\u4e0d\u5f53\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u6743\u9650\u63d0\u5347\u548c\u4fe1\u606f\u6cc4\u9732\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u7a0b\u5e8f\u4fee\u590d\u8be5\u5b89\u5168\u95ee\u9898\uff0c\u8be6\u60c5\u89c1\u5382\u5546\u5b98\u7f51\uff1a\r\nhttps://www.dell.com/support/kbdoc/en-us/000359619/dsa-2025-331",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2025-20857",
  "openTime": "2025-09-08",
  "patchDescription": "DELL ThinOS 10\u662f\u6234\u5c14\u63a8\u51fa\u7684\u65b0\u4e00\u4ee3\u7626\u5ba2\u6237\u7aef\u64cd\u4f5c\u7cfb\u7edf\uff0c\u4e13\u4e3a\u865a\u62df\u684c\u9762\u57fa\u7840\u8bbe\u65bd\uff08VDI\uff09\u8bbe\u8ba1\uff0c\u65e8\u5728\u63d0\u5347\u5b89\u5168\u6027\u3001\u6548\u7387\u548c\u7528\u6237\u4f53\u9a8c\u3002\r\n\r\nDELL ThinOS 10\u5b58\u5728\u53c2\u6570\u6ce8\u5165\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u53c2\u6570\u5206\u9694\u7b26\u4e2d\u548c\u4e0d\u5f53\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u6743\u9650\u63d0\u5347\u548c\u4fe1\u606f\u6cc4\u9732\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "DELL ThinOS 10\u53c2\u6570\u6ce8\u5165\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "DELL ThinOS 10 \u003c2508_10.0127"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2025-43730",
  "serverity": "\u9ad8",
  "submitTime": "2025-08-29",
  "title": "DELL ThinOS 10\u53c2\u6570\u6ce8\u5165\u6f0f\u6d1e"
}

GHSA-287Q-RCXW-C7C5

Vulnerability from github – Published: 2025-08-27 15:33 – Updated: 2025-08-27 15:33

Details

Severity ?

8.4 (High)


                  
                    CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2025-43730"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-88"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-08-27T14:15:51Z",
    "severity": "HIGH"
  },
  "details": "Dell ThinOS 10, versions prior to 2508_10.0127, contains an Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027) vulnerability. A local unauthenticated user could potentially exploit this vulnerability leading to Elevation of Privileges and Information disclosure.",
  "id": "GHSA-287q-rcxw-c7c5",
  "modified": "2025-08-27T15:33:15Z",
  "published": "2025-08-27T15:33:15Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-43730"
    },
    {
      "type": "WEB",
      "url": "https://www.dell.com/support/kbdoc/en-us/000359619/dsa-2025-331"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

FKIE_CVE-2025-43730

Vulnerability from fkie_nvd - Published: 2025-08-27 14:15 - Updated: 2025-08-29 16:24

Severity ?

8.4 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

	URL	Tags
	security_alert@emc.com	https://www.dell.com/support/kbdoc/en-us/000359619/dsa-2025-331

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Dell ThinOS 10, versions prior to 2508_10.0127, contains an Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027) vulnerability. A local unauthenticated user could potentially exploit this vulnerability leading to Elevation of Privileges and Information disclosure."
    },
    {
      "lang": "es",
      "value": "Dell ThinOS 10, versiones anteriores a la 2508_10.0127, contiene una vulnerabilidad de neutralizaci\u00f3n incorrecta de delimitadores de argumentos en un comando (inyecci\u00f3n de argumentos). Un usuario local no autenticado podr\u00eda explotar esta vulnerabilidad, lo que podr\u00eda provocar la elevaci\u00f3n de privilegios y la divulgaci\u00f3n de informaci\u00f3n."
    }
  ],
  "id": "CVE-2025-43730",
  "lastModified": "2025-08-29T16:24:09.860",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 8.4,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.5,
        "impactScore": 5.9,
        "source": "security_alert@emc.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-08-27T14:15:51.120",
  "references": [
    {
      "source": "security_alert@emc.com",
      "url": "https://www.dell.com/support/kbdoc/en-us/000359619/dsa-2025-331"
    }
  ],
  "sourceIdentifier": "security_alert@emc.com",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-88"
        }
      ],
      "source": "security_alert@emc.com",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2025-43730 (GCVE-0-2025-43730)

CNVD-2025-20857

GHSA-287Q-RCXW-C7C5

FKIE_CVE-2025-43730

Tags

Sightings

Nomenclature