CVE-2025-27688

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-27688
Dell ThinOS 2408 and prior, contains an improper permissions vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.

7.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://www.dell.com/support/kbdoc/en-us/000289886/dsa-2025-107 Vendor Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:dell:thinos:*:*:*:*:*:*:*:*
OR cpe:2.3:h:dell:latitude_3420:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:latitude_3440:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:latitude_5440:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:latitude_5450:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:optiplex_3000_thin_client:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:optiplex_5400_all-in-one:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:optiplex_7410_all-in-one:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:optiplex_7420_all-in-one:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:wyse_5070_thin_client:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:wyse_5470_all-in-one_thin_client:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:wyse_5470_mobile_thin_client:-:*:*:*:*:*:*:*
History

01 Jul 2025, 15:08

Type Values Removed Values Added
CPE cpe:2.3:h:dell:wyse_5470_mobile_thin_client:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:latitude_5440:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:optiplex_5400_all-in-one:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:latitude_5450:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:optiplex_7410_all-in-one:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:wyse_5070_thin_client:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:wyse_5470_all-in-one_thin_client:-:*:*:*:*:*:*:*
cpe:2.3:o:dell:thinos:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:optiplex_3000_thin_client:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:latitude_3440:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:optiplex_7420_all-in-one:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:latitude_3420:-:*:*:*:*:*:*:*
Summary
  • (es) Dell ThinOS 2408 y versiones anteriores presentan una vulnerabilidad de permisos inadecuados. Un atacante con pocos privilegios y acceso local podría explotar esta vulnerabilidad, lo que conllevaría una elevación de privilegios.
First Time Dell latitude 5450
Dell
Dell wyse 5470 Mobile Thin Client
Dell wyse 5070 Thin Client
Dell latitude 3440
Dell optiplex 7420 All-in-one
Dell optiplex 3000 Thin Client
Dell latitude 5440
Dell optiplex 7410 All-in-one
Dell latitude 3420
Dell optiplex 5400 All-in-one
Dell wyse 5470 All-in-one Thin Client
Dell thinos
References () https://www.dell.com/support/kbdoc/en-us/000289886/dsa-2025-107 - () https://www.dell.com/support/kbdoc/en-us/000289886/dsa-2025-107 - Vendor Advisory

18 Mar 2025, 16:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-03-18 16:15

Updated : 2025-07-01 15:08

NVD link : CVE-2025-27688

Mitre link : CVE-2025-27688

CVE.ORG link : CVE-2025-27688

JSON object : View

Products Affected

dell

  • optiplex_5400_all-in-one
  • optiplex_7420_all-in-one
  • wyse_5470_mobile_thin_client
  • optiplex_7410_all-in-one
  • wyse_5470_all-in-one_thin_client
  • wyse_5070_thin_client
  • optiplex_3000_thin_client
  • latitude_5450
  • latitude_5440
  • thinos
  • latitude_3420
  • latitude_3440
CWE
CWE-732

Incorrect Permission Assignment for Critical Resource